You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by br...@hyperreal.org on 1998/07/01 08:52:32 UTC

cvs commit: apache-1.3/htdocs/manual/mod mod_usertrack.html

brian       98/06/30 23:52:32

  Modified:    htdocs/manual/mod mod_usertrack.html
  Log:
  Add analysis done by Christian Sane
  
  Revision  Changes    Path
  1.17      +42 -0     apache-1.3/htdocs/manual/mod/mod_usertrack.html
  
  Index: mod_usertrack.html
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_usertrack.html,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- mod_usertrack.html	1998/05/20 14:13:00	1.16
  +++ mod_usertrack.html	1998/07/01 06:52:32	1.17
  @@ -110,6 +110,48 @@
   on a per-server or per-directory basis.  By default, compiling
   mod_usertrack will not activate cookies.
   
  +<HR>
  +
  +<H2>2-digit or 4-digit dates for cookies?</H2>
  +
  +(the following is from message
  +&lt;022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com&gt; in
  +the new-httpd archives)
  +
  +<P>
  +
  +<PRE>
  +From: "Christian Allen" &lt;christian@sane.com&gt;
  +Subject: Re: Apache Y2K bug in mod_usertrack.c
  +Date: Tue, 30 Jun 1998 11:41:56 -0400
  +
  +Did some work with cookies and dug up some info that might be useful.
  +
  +True, Netscape claims that the correct format NOW is four digit dates, and
  +four digit dates do in fact work... for Netscape 4.x (Communicator), that
  +is.  However, 3.x and below do NOT accept them.  It seems that Netscape
  +originally had a 2-digit standard, and then with all of the Y2K hype and
  +probably a few complaints, changed to a four digit date for Communicator.
  +Fortunately, 4.x also understands the 2-digit format, and so the best way to
  +ensure that your expiration date is legible to the client's browser is to
  +use 2-digit dates.
  +
  +However, this does not limit expiration dates to the year 2000; if you use
  +an expiration year of "13", for example, it is interpreted as 2013, NOT
  +1913!  In fact, you can use an expiration year of up to "37", and it will be
  +understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
  +about versions previous to those).  Not sure why Netscape used that
  +particular year as its cut-off point, but my guess is that it was in respect
  +to UNIX's 2038 problem.  Netscape/MSIE 4.x seem to be able to understand
  +2-digit years beyond that, at least until "50" for sure (I think they
  +understand up until about "70", but not for sure).
  +
  +Summary:  Mozilla 3.x and up understands two digit dates up until "37"
  +(2037).  Mozilla 4.x understands up until at least "50" (2050) in 2-digit
  +form, but also understands 4-digit years, which can probably reach up until
  +9999.  Your best bet for sending a long-life cookie is to send it for some
  +time late in the year "37".
  +</PRE>
   
   <!--#include virtual="footer.html" -->
   </BODY>