On Feb 14, 2014, at 10:30 AM, peter p2.edoc@gmail.com wrote:
as the session start time is encoded inside the cookie
No, it isn't. The session start time is used as a source of entropy to help make the session cookie secure. But the session cookie is an MD5 hash, and so you can’t get any information out of it.
i suspect that you are using your model where you make the session-DB itself (the alist) persistent.
Yes. Of course.
i am not allowed to do this
Then you need to change the way that HT generates cookies so that they contain all the information you need in a way that allows you to extract it. Right now they don’t.
(I’m a little surprised that you’re not allowed to do this. I have a hard time imagining how you could write a useful application without being allowed to write to non-volatile storage.)
rg