Cookie Expiring Date
Michael S. Fischer
michael at dynamine.net
Tue Feb 3 17:59:07 CET 2009
On Feb 3, 2009, at 6:25 AM, Tollef Fog Heen wrote:
> If it has expired, the client just won't send it, so just check
> req.http.cookie for the relevant cookie and you'll be fine.
I strongly advise against this, as it could subject you to replay
attacks.
That said, the client does not include an expiration date with the
Cookie: header in an HTTP request. You'll have to check the validity
of the header on the backend, or modify Varnish to do it for you.
--Michael
More information about the varnish-misc
mailing list