You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by br...@hyperreal.org on 1998/07/01 08:52:32 UTC
cvs commit: apache-1.3/htdocs/manual/mod mod_usertrack.html
brian 98/06/30 23:52:32
Modified: htdocs/manual/mod mod_usertrack.html
Log:
Add analysis done by Christian Sane
Revision Changes Path
1.17 +42 -0 apache-1.3/htdocs/manual/mod/mod_usertrack.html
Index: mod_usertrack.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_usertrack.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- mod_usertrack.html 1998/05/20 14:13:00 1.16
+++ mod_usertrack.html 1998/07/01 06:52:32 1.17
@@ -110,6 +110,48 @@
on a per-server or per-directory basis. By default, compiling
mod_usertrack will not activate cookies.
+<HR>
+
+<H2>2-digit or 4-digit dates for cookies?</H2>
+
+(the following is from message
+<022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com> in
+the new-httpd archives)
+
+<P>
+
+<PRE>
+From: "Christian Allen" <christian@sane.com>
+Subject: Re: Apache Y2K bug in mod_usertrack.c
+Date: Tue, 30 Jun 1998 11:41:56 -0400
+
+Did some work with cookies and dug up some info that might be useful.
+
+True, Netscape claims that the correct format NOW is four digit dates, and
+four digit dates do in fact work... for Netscape 4.x (Communicator), that
+is. However, 3.x and below do NOT accept them. It seems that Netscape
+originally had a 2-digit standard, and then with all of the Y2K hype and
+probably a few complaints, changed to a four digit date for Communicator.
+Fortunately, 4.x also understands the 2-digit format, and so the best way to
+ensure that your expiration date is legible to the client's browser is to
+use 2-digit dates.
+
+However, this does not limit expiration dates to the year 2000; if you use
+an expiration year of "13", for example, it is interpreted as 2013, NOT
+1913! In fact, you can use an expiration year of up to "37", and it will be
+understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
+about versions previous to those). Not sure why Netscape used that
+particular year as its cut-off point, but my guess is that it was in respect
+to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
+2-digit years beyond that, at least until "50" for sure (I think they
+understand up until about "70", but not for sure).
+
+Summary: Mozilla 3.x and up understands two digit dates up until "37"
+(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
+form, but also understands 4-digit years, which can probably reach up until
+9999. Your best bet for sending a long-life cookie is to send it for some
+time late in the year "37".
+</PRE>
<!--#include virtual="footer.html" -->
</BODY>