httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From noi...@apache.org
Subject svn commit: r415205 - in /httpd/httpd/branches/2.0.x/docs/manual/mod: mod_usertrack.html.en mod_usertrack.xml
Date Sun, 18 Jun 2006 22:00:35 GMT
Author: noirin
Date: Sun Jun 18 15:00:34 2006
New Revision: 415205

URL: http://svn.apache.org/viewvc?rev=415205&view=rev
Log:
Backports of mod_usertrack fixes

Modified:
    httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.html.en
    httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.xml

Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.html.en?rev=415205&r1=415204&r2=415205&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.html.en (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.html.en Sun Jun 18 15:00:34 2006
@@ -130,7 +130,21 @@
 
     <p>The domain string <strong>must</strong> begin with a dot, and
     <strong>must</strong> include at least one embedded dot. That is,
-    ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p>
+    <code>.foo.com</code> is legal, but <code>foo.bar.com</code>
and
+    <code>.com</code> are not.</p>
+
+    <div class="note">Most browsers in use today will not allow cookies to be set
+    for a two-part top level domain, such as <code>.co.uk</code>,
+    although such a domain ostensibly fulfills the requirements
+    above.<br />
+
+    These domains are equivalent to top level domains such as
+    <code>.com</code>, and allowing such cookies may be a security
+    risk. Thus, if you are under a two-part top level domain, you
+    should still use your actual domain, as you would with any other top
+    level domain (for example, use <code>.foo.co.uk</code>).
+    </div>
+
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -204,7 +218,8 @@
 
     <p>Not all clients can understand all of these formats. but you
     should use the newest one that is generally acceptable to your
-    users' browsers.</p>
+    users' browsers. At the time of writing, most browsers only fully
+    support <code>CookieStyle Netscape</code>.</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
@@ -218,12 +233,13 @@
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_usertrack</td></tr>
 </table>
-    <p>When the user track module is compiled in, and
-    "CookieTracking on" is set, Apache will start sending a
+    <p>When <code class="module"><a href="../mod/mod_usertrack.html">mod_usertrack</a></code>
is loaded, and
+    <code>CookieTracking on</code> is set, Apache will send a
     user-tracking cookie for all new requests. This directive can
     be used to turn this behavior on or off on a per-server or
-    per-directory basis. By default, compiling mod_usertrack will
-    not activate cookies. </p>
+    per-directory basis. By default, enabling
+    <code class="module"><a href="../mod/mod_usertrack.html">mod_usertrack</a></code>
will <strong>not</strong>
+    activate cookies. </p>
 
 
 </div>

Modified: httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.xml?rev=415205&r1=415204&r2=415205&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.xml (original)
+++ httpd/httpd/branches/2.0.x/docs/manual/mod/mod_usertrack.xml Sun Jun 18 15:00:34 2006
@@ -122,7 +122,21 @@
 
     <p>The domain string <strong>must</strong> begin with a dot, and
     <strong>must</strong> include at least one embedded dot. That is,
-    ".foo.com" is legal, but "foo.bar.com" and ".com" are not.</p>
+    <code>.foo.com</code> is legal, but <code>foo.bar.com</code>
and
+    <code>.com</code> are not.</p>
+
+    <note>Most browsers in use today will not allow cookies to be set
+    for a two-part top level domain, such as <code>.co.uk</code>,
+    although such a domain ostensibly fulfills the requirements
+    above.<br />
+
+    These domains are equivalent to top level domains such as
+    <code>.com</code>, and allowing such cookies may be a security
+    risk. Thus, if you are under a two-part top level domain, you
+    should still use your actual domain, as you would with any other top
+    level domain (for example, use <code>.foo.co.uk</code>).
+    </note>
+
 </usage>
 </directivesynopsis>
 
@@ -209,7 +223,8 @@
 
     <p>Not all clients can understand all of these formats. but you
     should use the newest one that is generally acceptable to your
-    users' browsers.</p>
+    users' browsers. At the time of writing, most browsers only fully
+    support <code>CookieStyle Netscape</code>.</p>
 </usage>
 </directivesynopsis>
 
@@ -229,12 +244,13 @@
 <override>FileInfo</override>
 
 <usage>
-    <p>When the user track module is compiled in, and
-    "CookieTracking on" is set, Apache will start sending a
+    <p>When <module>mod_usertrack</module> is loaded, and
+    <code>CookieTracking on</code> is set, Apache will send a
     user-tracking cookie for all new requests. This directive can
     be used to turn this behavior on or off on a per-server or
-    per-directory basis. By default, compiling mod_usertrack will
-    not activate cookies. </p>
+    per-directory basis. By default, enabling
+    <module>mod_usertrack</module> will <strong>not</strong>
+    activate cookies. </p>
 
 </usage>
 </directivesynopsis>



Mime
View raw message