On Sun, 30 Nov 2003 08:50:59 -0800 (PST), Uzo Uzo <uzoechi@...>
>Well, I got it seeing my cookies, the search on the discuss is broken as
>of now, so I can't search further on it. But my app is still broken.
>I still have more questions, when I receive a cookie, how do I check if
>it is expired?
If you set an expiration date on the cookie when you send it, it becomes
the browser's responsibility to handle it. When the cookie expires, the
browser will simply not send it the next time you connect.
>Does webware help at all? or must my app save that information and validate
>the expiration of the cookie everytime?
Unless the date is dynamic for some reason, the stock cookie behavior
should work. When the cookie expires, the browser deletes it, so the next
time the user connects, it is as if there never was a cookie.
Some people put additional timeout checks in their applets to guard
against an attacker who stores up the cookie and sends it back after it
was supposed to expire. However, for many purposes, that extra check is
not worth the trouble.
- Tim Roberts, timr@...
Providenza & Boekelheide, Inc.