I've been studying the API for moonfire-nvr and doing some tests. I found that when I successfully login, I get a cookie back that has a Max-Age value of 2147483648. Here's an example of a call and its return:
HTTP/1.1 204 No Content
set-cookie: s=cPGg3yLa2vqNgJ6uNbqkQflhU9pYohcl5ygM7Gc7SnAkbKoL8GakQPRf5pMGRPcB; HttpOnly; SameSite=Lax; Max-Age=2147483648; Path=/
cache-control: private, no-cache
date: Sun, 12 Mar 2023 16:17:20 GMT
A search for Max-Age reveals about 24 entries, five of which look to be of Scott's making, the others brought in by supporting modules and presumably by other authors.
Max-Age=<number> Optional
Indicates the number of seconds until the cookie expires.
A zero or negative number will expire the cookie immediately.
If both Expires and Max-Age are set, Max-Age has precedence.
The value of 2147483648, if it does represent seconds, equates to:
So what is the reason for using "2147483648" as a value, assuming 2147483648 represents seconds, and not milleseconds or the like? To have a permanent cookie? If so, then if I obtain a cookie today, I can use the same cookie tomorrow after a server reboot and perhaps there is no need to fetch cookies once you have a cookie for a particular user??
I've been studying the API for moonfire-nvr and doing some tests. I found that when I successfully login, I get a cookie back that has a Max-Age value of 2147483648. Here's an example of a call and its return:
command:
result:
A search for Max-Age reveals about 24 entries, five of which look to be of Scott's making, the others brought in by supporting modules and presumably by other authors.
I found searching for the value, it appears about 160 times in the tree:
The specifications at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie states:
The value of 2147483648, if it does represent seconds, equates to:
So what is the reason for using "2147483648" as a value, assuming 2147483648 represents seconds, and not milleseconds or the like? To have a permanent cookie? If so, then if I obtain a cookie today, I can use the same cookie tomorrow after a server reboot and perhaps there is no need to fetch cookies once you have a cookie for a particular user??