diff options
| author | Jeff Trawick <trawick@apache.org> | 2001-08-29 14:29:36 +0200 |
|---|---|---|
| committer | Jeff Trawick <trawick@apache.org> | 2001-08-29 14:29:36 +0200 |
| commit | f8790f66e33c38701771b0ab916b711f96edaf59 (patch) | |
| tree | 8f458a42299bac1ff0197441993efd3673206f89 /modules/metadata/mod_usertrack.c | |
| parent | Fix some warnings... (diff) | |
| download | apache2-f8790f66e33c38701771b0ab916b711f96edaf59.tar.xz apache2-f8790f66e33c38701771b0ab916b711f96edaf59.zip | |
From Mark Cox:
I've had a couple of emails from users using mod_usertrack for authentication.
Add the equivalent of a "warning: coffee may be hot" label, and fix a broken
email address at the same time.
Submitted by: Mark Cox
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90780 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/metadata/mod_usertrack.c')
| -rw-r--r-- | modules/metadata/mod_usertrack.c | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c index acbcb78396..67d23f9b5a 100644 --- a/modules/metadata/mod_usertrack.c +++ b/modules/metadata/mod_usertrack.c @@ -58,10 +58,13 @@ /* User Tracking Module (Was mod_cookies.c) * + * *** IMPORTANT NOTE: This module is not designed to generate + * *** cryptographically secure cookies. This means you should not + * *** use cookies generated by this module for authentication purposes + * * This Apache module is designed to track users paths through a site. * It uses the client-side state ("Cookie") protocol developed by Netscape. - * It is known to work on Netscape browsers, Microsoft Internet - * Explorer and others currently being developed. + * It is known to work on most browsers. * * Each time a page is requested we look to see if the browser is sending * us a Cookie: header that we previously generated. @@ -85,17 +88,7 @@ * can emulate it by adding the following command to your config file * CustomLog filename "%{Cookie}n \"%r\" %t" * - * Notes: - * 1. This code now logs the initial transaction (the one that created - * the cookie to start with). - * 2. This module has been designed to not interfere with other Cookies - * your site may be using; just avoid sending out cookies with - * the name "Apache=" or things will get confused. - * 3. If you want you can modify the Set-Cookie line so that the Cookie - * never expires. You would then get the same Cookie each time the - * user revisits your site. - * - * Mark Cox, mark@ukweb.com, 6 July 95 + * Mark Cox, mjc@apache.org, 6 July 95 * * This file replaces mod_cookies.c */ |