Hacker News new | past | comments | ask | show | jobs | submit login

Really? Could you try actually reading what I've written?

    impossible to revoke without somehow maintaining a list of valid or invalid cookies
Completely true. A minimum date like you are saying is still "some kind of list of valid or invalid cookies". Or are you going to get into the semantics of "that's not a list"? As an example of something that you can't do without tying a database into it, I've seen sites that let you log individual computers out of the system from your account page. No way to do that without a valid/not valid check in the DB.

Values are values whether or not they are in a db. It is situation dependant and probably not (happily) manageable in a large scale application. Saying things are "impossible" with such a heavy hand is a bit over the top. If my cookies have a date that is valid, then I can easily keep that bit of nasty logic in the code. I wouldn't do that personally, but it is doable. Take it easy :)

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact