zohl
commented
7 years ago Hello,
The situation with time formats is confusing indeed. There are two different expiration times: one for a server and one for a client.
The first one must be present in encrypted cookies, so the server can check it for expiration. The way it is stored in cookies was determined by acsExpirationFormat. Now expiration time is serialized into a ByteString (it's faster and takes less bytes).
Another one might be stored as an attribute in cookies, so the browser will know, when to delete it. I didn't pay much attention to it's format, which resulted in not working function. Accidentally I found out that it has very specific format [1][2], and changed it from acsExpirationFormat to that one. To my defense, it seems that I'm not the only one who had problems finding this information :)
So, acsExpirationFormat field is no longer needed and you shouldn't worry about it.
As for tags, it's highly probable that I've messed up something. I'll try to fix them later, thank you for report!
The new release will be within a week, there will be no changes in API since the current master branch.
[1] https://en.wikipedia.org/wiki/HTTP_cookies#Expires_and_Max-Age [2] https://tools.ietf.org/html/rfc6265#section-5.1.1
kristoff3r
Hello,
First, thank you for your work on this package, it has worked well for me so far. However, I encountered some trouble when using
removeSession. Long story short, it didn't work because the expiration time was formatted wrongly, and it left me with some questions:Thanks in advance.