On Feb 3, 2009, at 6:25 AM, Tollef Fog Heen wrote: > If it has expired, the client just won't send it, so just check > req.http.cookie for the relevant cookie and you'll be fine.
I strongly advise against this, as it could subject you to replay attacks. That said, the client does not include an expiration date with the Cookie: header in an HTTP request. You'll have to check the validity of the header on the backend, or modify Varnish to do it for you. --Michael _______________________________________________ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc