From: Rich Bowen Previous releases of Apache have included a module which
+ generates a 'clickstream' log of user activity on a site using
+ cookies. This was called the "cookies" module, mod_cookies. In
+ Apache 1.2 and later this module has been renamed the "user
+ tracking" module, mod_usertrack. This module has been
+ simplified and new directives added. Previously, the cookies module (now the user tracking
+ module) did its own logging, using the CookieLog
+ directive. In this release, this module does no logging at all.
+ Instead, a configurable log format file should be used to log
+ user click-streams. This is possible because the logging module
+ now allows multiple log files. The cookie itself is logged by
+ using the text %{cookie}n in the log file format. For
+ example: For backward compatibility the configurable log module
+ implements the old CookieLog directive, but this
+ should be upgraded to the above CustomLog directive. (the following is from message
+ <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com>
+ in the new-httpd archives)
+Summary
+
+
+From: "Christian Allen" <christian@sane.com>
+Subject: Re: Apache Y2K bug in mod_usertrack.c
+Date: Tue, 30 Jun 1998 11:41:56 -0400
+
+Did some work with cookies and dug up some info that might be useful.
+
+True, Netscape claims that the correct format NOW is four digit dates, and
+four digit dates do in fact work... for Netscape 4.x (Communicator), that
+is. However, 3.x and below do NOT accept them. It seems that Netscape
+originally had a 2-digit standard, and then with all of the Y2K hype and
+probably a few complaints, changed to a four digit date for Communicator.
+Fortunately, 4.x also understands the 2-digit format, and so the best way to
+ensure that your expiration date is legible to the client's browser is to
+use 2-digit dates.
+
+However, this does not limit expiration dates to the year 2000; if you use
+an expiration year of "13", for example, it is interpreted as 2013, NOT
+1913! In fact, you can use an expiration year of up to "37", and it will be
+understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
+about versions previous to those). Not sure why Netscape used that
+particular year as its cut-off point, but my guess is that it was in respect
+to UNIX's 2038 problem. Netscape/MSIE 4.x seem to be able to understand
+2-digit years beyond that, at least until "50" for sure (I think they
+understand up until about "70", but not for sure).
+
+Summary: Mozilla 3.x and up understands two digit dates up until "37"
+(2037). Mozilla 4.x understands up until at least "50" (2050) in 2-digit
+form, but also understands 4-digit years, which can probably reach up until
+9999. Your best bet for sending a long-life cookie is to send it for some
+time late in the year "37".
+
+
This directive controls the setting of the domain to which + the tracking cookie applies. If not present, no domain is + included in the cookie header field.
+ +The domain string must begin with a dot, and + must include at least one embedded dot. That is, + ".foo.com" is legal, but "foo.bar.com" and ".com" are not.
+When used, this directive sets an expiry time on the cookie + generated by the usertrack module. The expiry-period + can be given either as a number of seconds, or in the format + such as "2 weeks 3 days 7 hours". Valid denominations are: + years, months, weeks, hours, minutes and seconds. If the expiry + time is in any format other than one number indicating the + number of seconds, it must be enclosed by double quotes.
+ +If this directive is not used, cookies last only for the + current browser session.
+This directive allows you to change the name of the cookie
+ this module uses for its tracking purposes. By default the
+ cookie is named "Apache
".
You must specify a valid cookie name; results are + unpredictable if you use a name containing unusual characters. + Valid characters include A-Z, a-z, 0-9, "_", and "-".
+This directive controls the format of the cookie header + field. The three formats allowed are:
+ +Not all clients can understand all of these formats. but you + should use the newest one that is generally acceptable to your + users' browsers.
+When the user track module is compiled in, and + "CookieTracking on" is set, Apache will start sending a + user-tracking cookie for all new requests. This directive can + be used to turn this behavior on or off on a per-server or + per-directory basis. By default, compiling mod_usertrack will + not activate cookies.
+ +