From f8790f66e33c38701771b0ab916b711f96edaf59 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Wed, 29 Aug 2001 12:29:36 +0000 Subject: [PATCH] From Mark Cox: I've had a couple of emails from users using mod_usertrack for authentication. Add the equivalent of a "warning: coffee may be hot" label, and fix a broken email address at the same time. Submitted by: Mark Cox git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90780 13f79535-47bb-0310-9956-ffa450edef68 --- modules/metadata/mod_usertrack.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c index acbcb78396..67d23f9b5a 100644 --- a/modules/metadata/mod_usertrack.c +++ b/modules/metadata/mod_usertrack.c @@ -57,11 +57,14 @@ */ /* User Tracking Module (Was mod_cookies.c) + * + * *** IMPORTANT NOTE: This module is not designed to generate + * *** cryptographically secure cookies. This means you should not + * *** use cookies generated by this module for authentication purposes * * This Apache module is designed to track users paths through a site. * It uses the client-side state ("Cookie") protocol developed by Netscape. - * It is known to work on Netscape browsers, Microsoft Internet - * Explorer and others currently being developed. + * It is known to work on most browsers. * * Each time a page is requested we look to see if the browser is sending * us a Cookie: header that we previously generated. @@ -85,17 +88,7 @@ * can emulate it by adding the following command to your config file * CustomLog filename "%{Cookie}n \"%r\" %t" * - * Notes: - * 1. This code now logs the initial transaction (the one that created - * the cookie to start with). - * 2. This module has been designed to not interfere with other Cookies - * your site may be using; just avoid sending out cookies with - * the name "Apache=" or things will get confused. - * 3. If you want you can modify the Set-Cookie line so that the Cookie - * never expires. You would then get the same Cookie each time the - * user revisits your site. - * - * Mark Cox, mark@ukweb.com, 6 July 95 + * Mark Cox, mjc@apache.org, 6 July 95 * * This file replaces mod_cookies.c */ -- 2.40.0