httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: unsetting encrypted cookies when encryption key changes
Date Mon, 27 Jan 2014 12:41:41 GMT
On 27 Jan 2014, at 1:04 PM, Thomas Eckert <thomas.r.w.eckert@gmail.com> wrote:

> > It just woke up - committed in r1560977 and proposed for backport to v2.4.x.
> 
> Nice, thank you !
> 
> 
> > Isn't it curious how the expiry is inspected before the session is decoded?
> 
> Why ?

I was also confused by the comment. Currently the expiry of the session is a property of the
session implementation, so we use the maxage of the cookie or a dedicated column in a sql
table for the expiry. Currently, an expired message shouldn't get past the load step, the
check is in case it does in some future module.

Regards,
Graham
--


Mime
View raw message