Re: Unable to delete cookie

2014-09-26 Thread Tao Bojlen 
Interestingly, delete_cookie didn't add any headers at all when I added a 
domain - so that didn't work!

On Friday, September 26, 2014 7:09:37 PM UTC+1, Daniel Rus Morales wrote:
>
> Did you try to remove the last subdomain and call again delete_cookie? 
> Just curious.
>
> On 26 Sep 2014, at 19:56, Tao Bojlen > 
> wrote:
>
> I fixed this by using set_cookie() with a manually entered expiry date, 
> rather than delete_cookie(). Additionally, if I set the domain in Django, 
> it prefixed a period which meant that it didn't match the existing cookie. 
> I didn't enter a domain and it used the default, which worked.
>
>
> On Tuesday, September 23, 2014 6:09:57 PM UTC+1, Tao Bojlen wrote:
>>
>> Hi,
>>
>> I'm using a custom authentication backend for my Django project, and in 
>> order to log out I have to delete a cookie that's set by the (external) 
>> authentication site.
>> Here is my view code:
>>
>> response = django_logout(request,
>>  next_page=post_logout_url)
>> response.delete_cookie('cookie_name',
>> domain="cookie_domain")
>> return response
>>
>> The Set-Cookie header of the view is fine:
>> cookie_name=; Domain=cookie_domain; expires=Thu, 01-Jan-1970 00:00:00 
>> GMT; Max-Age=0; Path=/
>>
>> But the cookie isn't changed at all - it has the same value and expiry 
>> date ("end of session") as before logging out.
>>
>> Does anyone have any ideas about why this is happening?
>>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-users...@googlegroups.com .
> To post to this group, send email to django...@googlegroups.com 
> .
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-users/b0c48f1c-4757-4298-a0b0-ec960f185662%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/django-users/b0c48f1c-4757-4298-a0b0-ec960f185662%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c5643cc3-367d-476d-a2ef-e631465518ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Unable to delete cookie

2014-09-26 Thread Tao Bojlen 
 

I fixed this by using set_cookie() with a manually entered expiry date, 
rather than delete_cookie(). Additionally, if I set the domain in Django, 
it prefixed a period which meant that it didn't match the existing cookie. 
I didn't enter a domain and it used the default, which worked.


On Tuesday, September 23, 2014 6:09:57 PM UTC+1, Tao Bojlen wrote:
>
> Hi,
>
> I'm using a custom authentication backend for my Django project, and in 
> order to log out I have to delete a cookie that's set by the (external) 
> authentication site.
> Here is my view code:
>
> response = django_logout(request,
>  next_page=post_logout_url)
> response.delete_cookie('cookie_name',
> domain="cookie_domain")
> return response
>
> The Set-Cookie header of the view is fine:
> cookie_name=; Domain=cookie_domain; expires=Thu, 01-Jan-1970 00:00:00 GMT; 
> Max-Age=0; Path=/
>
> But the cookie isn't changed at all - it has the same value and expiry 
> date ("end of session") as before logging out.
>
> Does anyone have any ideas about why this is happening?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/b0c48f1c-4757-4298-a0b0-ec960f185662%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Unable to delete cookie

2014-09-24 Thread Tao Bojlen 
No, in order to log out they just ask that you delete the cookie and 
redirect to their logout page.

The domain of the cookie is the domain of my site, not the external 
authentication service. Could there still be same-origin issues?

Thanks,
Tao

On Wednesday, September 24, 2014 10:07:26 AM UTC+1, Daniel Rus Morales 
wrote:
>
> It sounds like you have a same-origin policy issue. If the external 
> authentication site and your site have different origins you can’t delete 
> their cookies with your responses. Does not the external authentication 
> site provide you with a method to logout?
>
> On 23 Sep 2014, at 19:09, Tao Bojlen > 
> wrote:
>
> Hi,
>
> I'm using a custom authentication backend for my Django project, and in 
> order to log out I have to delete a cookie that's set by the (external) 
> authentication site.
> Here is my view code:
>
> response = django_logout(request,
>  next_page=post_logout_url)
> response.delete_cookie('cookie_name',
> domain="cookie_domain")
> return response
>
> The Set-Cookie header of the view is fine:
> cookie_name=; Domain=cookie_domain; expires=Thu, 01-Jan-1970 00:00:00 GMT; 
> Max-Age=0; Path=/
>
> But the cookie isn't changed at all - it has the same value and expiry 
> date ("end of session") as before logging out.
>
> Does anyone have any ideas about why this is happening?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-users...@googlegroups.com .
> To post to this group, send email to django...@googlegroups.com 
> .
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-users/1c643254-9800-4978-a236-a67d40cb973d%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/django-users/1c643254-9800-4978-a236-a67d40cb973d%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/910dccb0-5251-4a5b-8273-b609532b3522%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Unable to delete cookie

2014-09-23 Thread Tao Bojlen 
Hi,

I'm using a custom authentication backend for my Django project, and in 
order to log out I have to delete a cookie that's set by the (external) 
authentication site.
Here is my view code:

response = django_logout(request,
 next_page=post_logout_url)
response.delete_cookie('cookie_name',
domain="cookie_domain")
return response

The Set-Cookie header of the view is fine:
cookie_name=; Domain=cookie_domain; expires=Thu, 01-Jan-1970 00:00:00 GMT; 
Max-Age=0; Path=/

But the cookie isn't changed at all - it has the same value and expiry date 
("end of session") as before logging out.

Does anyone have any ideas about why this is happening?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/1c643254-9800-4978-a236-a67d40cb973d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Possible bug: delete_cookie() causes malformed Set-Cookie header

2014-09-02 Thread Tao Bojlen 
Hi,

I'm trying to delete a cookie on user logout. The issue is that the 
Set-Cookie header in the response is malformed, and thus the cookie doesn't 
get deleted. This is the header:

Set-Cookie: "{{ cookie_name }}=; Domain={{ cookie_domain }}; expires=Thu, 
01-Jan-1970 00:00:00 GMT; Max-Age=0; 
Path=/sessionid=25lysb3tzhozv464mrgg08uqz100ur39; expires=Mon, 15-Sep-2014 
19:07:22 GMT; httponly; Max-Age=1209600; Path=/"
It looks like there should be some sort of division right before 
"sessionid=...". I've posted the view code on Stack Overflow if anyone wants to 
have a look: 
http://stackoverflow.com/questions/25611319/django-does-not-delete-cookie
Could this be an issue with my code, or perhaps a bug in Django?
Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/696cf5e3-afe5-47e4-9660-9b1dbde25a57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.