什麼是auth_tkt cookie格式？

Question

Apache模塊auth_tkt創建身份驗證cookie，可以通過密碼驗證，以便Web服務器無需諮詢數據庫即可生成REMOTE_USER。什麼是auth_tkt餅乾的規格？

Answer 1

從內http://www.openfusion.com.au/labs/dist/mod_auth_tkt/mod_auth_tkt-2.1.0.tar.gz

Cookie Format 

The TKTAuthCookieName cookie is constructed using following algorithm:` 

('+' is concatenation operation) 

cookie := digest + hextimestamp + user_id + '!' + user_data 

or if using tokens: 

cookie := digest + hextimestamp + user_id + '!' + token_list + '!' + user_data 

digest := MD5(digest0 + key) 

digest0 := MD5(iptstamp + key + user_id + '\0' + token_list + '\0' + user_data) 

iptstamp is a 8 bytes long byte array, bytes 0-3 are filled with 
client's IP address as a binary number in network byte order, bytes 
4-7 are filled with timestamp as a binary number in network byte 
order. 

hextimestamp is 8 character long hexadecimal number expressing 
timestamp used in iptstamp. 

token_list is an optional comma-separated list of access tokens 
for this user. This list is checked if TKTAuthToken is set for a 
particular area. 

user_data is optional