that causes other trouble. In particular, you’d get that annoying
<blockquote>
The page that you’re looking for used information that you
- entered. Returning to hat page might cause any action that you took to be
- repeated.
+ entered. Returning to that page might cause any action that you took
+ to be repeated.
</blockquote>
message whenever you hit the reload button.
<p>If you actually look at the cookie, you find that it looks something like
this:
<blockquote>
- <tt>1357322139.HFsD16dOh1jjdhXdO%24gkjQ.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
+ <tt>1357322139.eBcBNYFhi6sKpGuahfr7yQDzqOJuYZZexJbVug9ultU.mdw</tt>
</blockquote>
-(Did I say something about long and ugly?) It consists of four pieces
+(Did I say something about long and ugly?) It consists of three pieces
separated by dots ‘<tt>.</tt>’.
<dl>
<dt>Datestamp
<dd>The time at which the cookie was issued, as a simple count of (non-leap)
-seconds since 1974–01–01 00:00:00 UTC (or what would have been
+seconds since 1970–01–01 00:00:00 UTC (or what would have been
that if UTC had existed back then in its current form).
-<dt>Nonce
-<dd>This is just a random string. When you change a password, the server
-checks that the request includes a copy of this nonce, as a protection
-against
-<a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery"><em>cross-site
-request forgery</em></a> attacks.
-
<dt>Tag
<dd>This is a cryptographic check that the other parts of the token
haven’t been modfied by an attacker.
<p>That’s tricky. I could tell you that this program is
<a href="http://www.gnu.org/philosophy/free-sw.html">free software</a>, and
that you can
-<a href="~={script}H/~={package}H-~={version}H.tar.gz">">download its
+<a href="~={script}H/~={package}H-~={version}H.tar.gz">download its
source code</a> and check for yourself.
<p>That’s true, except that it shouldn’t do much to convince
~mdw / chopwood / blobdiff