Posted to modperl@perl.apache.org by Greg Stark <gs...@mit.edu> on 2000/12/12 22:18:42 UTC

cookies cookies cookies

How do I reliably remove a cookie from a browser's memory? I've only just
begun to experiment but it seems if I set the cookie to "" or undef
Apache::ASP doesn't send the right headers to remove the cookie. (Actually
undef seems to corrupt the cookie). I could just write a handler to set the
header appropriately but I'm not even sure what I should be putting in the
header.

-- 
greg


Re: cookies cookies cookies

Posted by Greg Stark <gs...@mit.edu>.
John Hurst <jh...@avicatech.com> writes:

> At 01:47 PM 12/12/00, Joshua Chamas wrote:
> Greg Stark wrote:
>  >
>  > How do I reliably remove a cookie from a browser's memory?
> 
> Then Josh said:
>  > What about setting the cookie with an expires date in the past?
>  > $Response->{Cookies}{YourCookie} = {
>  >   Value   => '',
>  >   Expires => -86400,
>  > };

Having actually gone and read the spec, yes you're supposed to set the expire
time to a time in the past. This apparently is true even if the original
cookie had no expire time. Leaving an interesting situation when you aren't
sure you can trust the clock on the browser...

> In most cases, this will only work for a cookie that is an _exact_
> match with the one you wish to expire. This is really hard to do
> if your code didn't write the cookie, since most browsers will use
> the 'path' and 'domain' values to evaluate exactness, but do not
> send those values to you in a request, obscuring them.
> 
> While writing a cookie handling library, I found it necessary to
> trash my cookies file when things got weird, since writing code
> to remove cookies that were the result of bad code seemed a waste
> of time. Once it was stable it worked rather well, assuming that
> calls to the library were consistent about 'path' and 'domain'.

Well this is actually similar to my situation. I'm trying to remove cookies a
browser has picked up from a previous system and put in a new set of cookies.
This means I want to remove cookies regardless of what domain and path they
have. At least in my case there's only a finite set of possibilities.

> Unless you're required to use 'path', I recommend that you explicitly
> set 'path' to '/' on all set cookie operations, and similarly make
> use of a canonical 'domain' value. Then it will be easy to construct
> 'kill cookies'. Otherwise, you'll have to construct logic to determine
> the right 'path' and 'domain' for a particular cookie (yech).

In my experience the Path setting on cookies isn't supported on some browsers.
I suggest having all the pages that share a cookie actually use the same URL
prefix, preferably simply "/". Anything else, even if you're within the spec,
won't work on some systems. (Notably some versions of one that shall remain
unnamed but it rhymes with "teevee".)

-- 
greg
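
Added example, not part of the original post or of Apache::ASP: one way to build "kill cookies" when the old cookie's 'path' and 'domain' are unknown but come from a finite set, as described in the message above. The cookie name, host names and URL are constructed placeholders; the fixed 1970 Expires date and Max-Age=0 are choices made here so that expiry does not depend on the browser's clock.

```perl
#!/usr/bin/perl
# Added example: build "kill cookie" Set-Cookie values for every candidate
# (domain, path) pair, because the request's Cookie header carries only
# name=value and never the path or domain the cookie was stored under.
use strict;
use warnings;

# A fixed date far in the past, so a skewed browser clock cannot keep the
# cookie alive the way a "now minus one day" value could.
my $PAST = 'Thu, 01 Jan 1970 00:00:01 GMT';

# Every path a cookie visible at $uri_path could have been set with:
# "/", plus each directory prefix, with and without a trailing slash.
sub candidate_paths {
    my ($uri_path) = @_;
    $uri_path =~ s/[?#].*//s;                 # drop query string / fragment
    my @segs = grep { length } split m{/}, $uri_path;
    pop @segs unless $uri_path =~ m{/$};      # last segment is the file name
    my @paths  = ('/');
    my $prefix = '';
    for my $seg (@segs) {
        $prefix .= "/$seg";
        push @paths, $prefix, "$prefix/";
    }
    return @paths;
}

# One Set-Cookie value per (domain, path). An undef domain means "send no
# Domain attribute", which targets a cookie that was set host-only.
sub kill_cookie_headers {
    my ($name, $domains, $paths) = @_;
    my @headers;
    for my $domain (@$domains) {
        for my $path (@$paths) {
            my $h = "$name=; Expires=$PAST; Max-Age=0; Path=$path";
            $h .= "; Domain=$domain" if defined $domain;
            push @headers, $h;
        }
    }
    return @headers;
}

# Constructed sample input (hypothetical cookie name, hosts and URL).
my @paths   = candidate_paths('/app/admin/index.asp');
my @domains = (undef, 'www.example.com', '.example.com');
print "Set-Cookie: $_\n" for kill_cookie_headers('OldSession', \@domains, \@paths);
```

Each value has to go out as its own Set-Cookie header in the response. A domain that does not match the host serving the response is ignored by the browser, so only candidates that could apply to that host are worth sending.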


Re: cookies cookies cookies

Posted by John Hurst <jh...@avicatech.com>.
At 01:47 PM 12/12/00, Joshua Chamas wrote:
Greg Stark wrote:
 >
 > How do I reliably remove a cookie from a browser's memory?

Then Josh said:
 > What about setting the cookie with an expires date in the past?
 > $Response->{Cookies}{YourCookie} = {
 >   Value   => '',
 >   Expires => -86400,
 > };

In most cases, this will only work for a cookie that is an _exact_
match with the one you wish to expire. This is really hard to do
if your code didn't write the cookie, since most browsers will use
the 'path' and 'domain' values to evaluate exactness, but do not
send those values to you in a request, obscuring them.

While writing a cookie handling library, I found it necessary to
trash my cookies file when things got weird, since writing code
to remove cookies that were the result of bad code seemed a waste
of time. Once it was stable it worked rather well, assuming that
calls to the library were consistent about 'path' and 'domain'.

Unless you're required to use 'path', I recommend that you explicitly
set 'path' to '/' on all set cookie operations, and similarly make
use of a canonical 'domain' value. Then it will be easy to construct
'kill cookies'. Otherwise, you'll have to construct logic to determine
the right 'path' and 'domain' for a particular cookie (yech).

-jh



Re: cookies cookies cookies

Posted by Joshua Chamas <jo...@chamas.com>.
Greg Stark wrote:
> 
> How do I reliably remove a cookie from a browser's memory? I've only just
> begun to experiment but it seems if I set the cookie to "" or undef
> Apache::ASP doesn't send the right headers to remove the cookie. (Actually
> undef seems to corrupt the cookie). I could just write a handler to set the
> header appropriately but I'm not even sure what I should be putting in the
> header.
> 

What about setting the cookie with an expires date in the past?

$Response->{Cookies}{YourCookie} = {
  Value   => '',
  Expires => -86400,
};

-- Josh

_________________________________________________________________
Joshua Chamas			        Chamas Enterprises Inc.
NodeWorks >> free web link monitoring	Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051