I am submitting a patch to mod_usertrack for both Apache 2.0 and 1.3 for your consideration.
The patch fixes a bug where the use of strstr() to find the name of the cookie in the cookieheader can accidentally "find" the name of the cookie in what is actually the contents of a cookie if the contents happen to contain the name of the user tracking cookie.
The patch relies on a robust regexp to find the cookiename in the header instead of strstr().
performance concern a.k.a. dumb question... is a regexp required for fixing this problem?
More details are at http://www.manniwood.net/mod_usertrack_patch.html.
excellent resource... I applaud you for taking the initiative to deal with this so carefully
