diff options
| author | bwarsaw | 2000-07-20 20:08:55 +0000 |
|---|---|---|
| committer | bwarsaw | 2000-07-20 20:08:55 +0000 |
| commit | a043c6a7b763f21b2da19b430084fb2907b134f9 (patch) | |
| tree | 0d4e5fb7b5bc8228bfa41f37ad03a12cfba4234f /Mailman/htmlformat.py | |
| parent | b75122ba45daaee5eed59df7eb38dde7fb7d1a04 (diff) | |
| download | mailman-a043c6a7b763f21b2da19b430084fb2907b134f9.tar.gz mailman-a043c6a7b763f21b2da19b430084fb2907b134f9.tar.zst mailman-a043c6a7b763f21b2da19b430084fb2907b134f9.zip | |
Several changes to the cookie management code, to support session
cookies by default. Specifically,
MakeCookie(): We don't include the expires time in the mac or in the
marshaled state-tuple. These cookies live until the browser is exited
or the user explicitly logs out. In order to tell browsers this is a
session cookie, we do not set the cookie fields `Expires' or `Max-Age'
explicitly (when ADMIN_COOKIE_LIFE <= 0, as it is by default). Also,
set the RFC 2109 required `Version' field.
ZapCookie(): New method which creates a `session-logout' Set-Cookie:
header. According to RFC 2109, setting `Max-Age' to 0 ought to be
enough to zap the cookie, but for compatibility with the old Netscape
cookie spec, we also set the cookie data to the empty string.
CheckCookie(): The state-tuple and the mac no longer contain the
expired value. No need to test for now>expires and raise
MMExpiredCookieError either.
Diffstat (limited to 'Mailman/htmlformat.py')
0 files changed, 0 insertions, 0 deletions