On Jan 19, 2012, at 1:53 PM, Phil Pishioneri wrote: > On 1/19/12 1:44 PM, Andrew Mortensen wrote: >> What are you hoping to do with the expire time? > > I figured it might be useful for a filter desiring periodic reauthentication > (with basic reauthentication enabled).
OK. Before I get to that, let me correct myself, since I based my last answer purely on what takes place when you hit the validation URL, and what I said was wrong. Once a service cookie is set in the browser, it's submitted along with any request to a host or host pool. That cookie includes the initial timestamp, and *that* value is checked by the filter before any check of the cookie itself is done. It was added as a simple way to reduce load on cosignd, since mod_cosign can tell with a simple comparison whether the cookie in the browser is stale. The browser's cookie jar is the global source of the timestamp checked by the CosignCookieExpireTime feature, so the timestamp checked will always be the same across hosts in a given pool. So: yes, it'll do what you want. andrew ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
