C is for Cookie

[Damon Courtney <da...@tclhome.com>]

I notice that the 'cookie delete' command was removed from the docs, but it still exists in the cookie.tcl file.  Any particular reason?  I found it a nice and clean command for deleting a cookie instead of:

cookie set foo "" -minutes -1

Which just looks stupid. 0-]

Also, I have found something interesting as I'm writing some login / session management code.  If you set a cookie and then immediately redirect to another page (via header redirect), the cookie doesn't actually get passed to the browser.  So your cookie doesn't get set before redirecting to the next page.

That is, of course, unless you specify -path / EXPLICITLY!  Not sure why that is, but that's the deal.  If you specify -path /, the cookie will get passed along with the redirect header, and the browser will set it correctly before moving on.  The default behavior if no path is specified for a cookie is to use the path of the object that was requested.  Does anyone actually want this behavior??  It seems to me the smarter default is simply /.

I propose modifying the 'cookie set' command to default -path to / if none is specified, which would mean that people don't get bitten by this little idiosyncrasy in their own code, but they can still specify -path for a subdirectory if they really want to.  Also, I propose bringing back the docs for 'cookie delete' and making that command use -path / as the default as well.  Given those small changes, you can easily set or delete a cookie and immediately redirect to another page, and it will work as you expect.  I think this is what most people would expect the behavior to be anyway.  I know I did. 0-]

D
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org

Re: C is for Cookie

[Massimo Manghi <ma...@unipr.it>]

I don't remember I removed from the manual the entry for the 'delete' command.
I remember I commented out the entry related to a 'CookieDomain' command that
had the comment "not coded yet". 

2010-04-29 Massimo Manghi <mx...@apache.org>
...
    * doc/xml/session.xml: Commented line about a 'CookieDomain' command of
Session that appears to be non coded yet. To be added to the TODO file.

Since I was trying to get Rivet 2.0.0 released I wanted to have the manual as
clean as possible and I decided to set the problem aside and come back to it
once Rivet was out 

 -- Massimo

On Fri, 10 Sep 2010 14:36:40 -0500, Damon Courtney wrote
> I notice that the 'cookie delete' command was removed from the docs, 
> but it still exists in the cookie.tcl file.  Any particular reason?  
> I found it a nice and clean command for deleting a cookie instead of:
> 
> cookie set foo "" -minutes -1
> 
> Which just looks stupid. 0-]
> 
> Also, I have found something interesting as I'm writing some login / 
> session management code.  If you set a cookie and then immediately 
> redirect to another page (via header redirect), the cookie doesn't 
> actually get passed to the browser.  So your cookie doesn't get set 
> before redirecting to the next page.
> 
> That is, of course, unless you specify -path / EXPLICITLY!  Not sure 
> why that is, but that's the deal.  If you specify -path /, the 
> cookie will get passed along with the redirect header, and the 
> browser will set it correctly before moving on.  The default 
> behavior if no path is specified for a cookie is to use the path of 
> the object that was requested.  Does anyone actually want this 
> behavior??  It seems to me the smarter default is simply /.
> 
> I propose modifying the 'cookie set' command to default -path to / 
> if none is specified, which would mean that people don't get bitten 
> by this little idiosyncrasy in their own code, but they can still 
> specify -path for a subdirectory if they really want to.  Also, I 
> propose bringing back the docs for 'cookie delete' and making that 
> command use -path / as the default as well.  Given those small 
> changes, you can easily set or delete a cookie and immediately 
> redirect to another page, and it will work as you expect.  I think 
> this is what most people would expect the behavior to be anyway.  I 
> know I did. 0-]
> 
> D
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
> For additional commands, e-mail: rivet-dev-help@tcl.apache.org


--


---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org