Re: Deleting a cookie

2001-11-27 Thread Mohit Agarwal

On Tue, 27 Nov 2001, Jon Robison wrote:

> My only problem is that I want to provide the users with a logout
> button which will delete the cookie from their browser, yet I cannot
> find how!  I have reviewed every module on my system with 'Cookie'
> in the name (Apache::Cookie, CGI::Cookie, etc.) and nowhere does it
> tell how to do this. There is a small mention of changing the
> expiration to < 0, but apparently I am doing it wrong (possible
> confusing point is the use of an 'expires' value in the cookie
> itself, separate, I think, from the 'expires' attribute on the
> cookie?)

Never tried the negative value for expiration time, but setting it to
a very small value, say 1s, works.  I'm not sure, but setting the
cookie value to null should also have the same effect.




Re: Deleting a cookie

2001-11-27 Thread Mithun Bhattacharya

Mohit Agarwal wrote:

> Never tried the negative value for expiration time, but setting it to
> a very small value, say 1s, works.  I'm not sure, but setting the
> cookie value to null should also have the same effect.


I believe setting the expiry date less than the current time should
work.



Mithun



Re: Deleting a cookie

2001-11-27 Thread Nick Tonkin


Expiring the cookie works well for me. Here's what I have:

sub handler {

    [ ... ]

    if ($r->uri =~ /logout/) {
        if (my $cookie = destroy_cookie($r)) {
            return logout_screen($r);
        } else {
            return 500;
        }
    }

    [ ... ]

}

sub destroy_cookie {
    my $r = shift;

    # you may or may not be using this
    my $auth_domain = $r->dir_config('Auth_Domain');

    my $cookie = Apache::Cookie->new(
        $r,
        expires => "-24h",
        domain  => $auth_domain,
        name    => 'auth', # whatever you've called it
        path    => '/',
        value   => ''
    );

    $cookie->bake;
    return $cookie;
}

sub logout_screen {

    [ ... ]

}

1;


~~~
Nick Tonkin

On Tue, 27 Nov 2001, Jon Robison wrote:

> I have created a login system using the wonderful Ticket system from the
> Eagle book.  I have modified TicketAccess so that after authentication,
> it reviews the arguments in the query string and does push_handler, the
> handler being chosen based on the args.
>
> My only problem is that I want to provide the users with a logout button
> which will delete the cookie from their browser, yet I cannot find how!
> I have reviewed every module on my system with 'Cookie' in the name
> (Apache::Cookie, CGI::Cookie, etc.) and nowhere does it tell how to do
> this. There is a small mention of changing the expiration to < 0, but
> apparently I am doing it wrong (possible confusing point is the use of
> an 'expires' value in the cookie itself, separate, I think, from the
> 'expires' attribute on the cookie?)
>
> I know it is a lot to ask, but I am relatively new to this part of
> mod_perl (pushing handlers, etc.), so if anyone can look at this and
> replace my BLOCKED comments with a couple of helpful lines, I would
> greatly appreciate it!
>
> Thanks in advance -
>
> Jonathon Robison
>
>
> Below is my modified TicketAccess, as well as the Logout module I am
> re-directing to for logout action:
> =
> package FES::Apache::TicketAccess;
>
> use strict;
> use Apache::Constants qw(:common);
> use FES::Apache::TicketTool ();
>
> sub handler {
>     my $r = shift;
>     my %input = $r->args;    # for checking input items
>     my $ticketTool = FES::Apache::TicketTool->new($r);
>     my ($result, $msg) = $ticketTool->verify_ticket($r);
>     unless ($result) {
>         $r->log_reason($msg, $r->filename);
>         my $cookie = $ticketTool->make_return_address($r);
>         $r->err_headers_out->add('Set-Cookie' => $cookie);
>         return FORBIDDEN;
>     }
>     ## Here is where we need to insert a push_handler insert. I won't need
>     ## the requested uri from the $r, since the $r goes along for the ride
>     ## in push_handler
>
>     my $action = defined $input{'act'} ? $input{'act'} : 'view';
>
>     print STDERR "action is defined as $action\n";  ## DEBUGGING
>
>     if ($action eq 'logout') {
>         $r->push_handlers('PerlHandler' => 'FES::Control::Logout');
>         return OK;
>     } elsif ($action eq 'view') {
>         $r->push_handlers('PerlHandler' => 'FES::Control::View');
>         return OK;
>     } else {
>         $r->push_handlers('PerlHandler' => 'FES::Control::View');
>         return OK;
>     }
>     ## ARE THOSE THE CORRECT THINGS TO 'RETURN' FOR THESE CASES?
>
> }
>
> 1;
> ==
>
> And the Logout.pm:
>
> =
> package FES::Control::Logout;
>
> use strict;
> use Apache;
> use Apache::Constants qw(:common);
> use FES::Common::Common qw( header footer);
> use CGI qw/:standard/;
> use CGI::Cookie;
>
> sub handler {
>     my $r = shift;
>     my $q = new CGI;
>     my $ticket = _get_ticket('r' => $r);
>
>     ## HERE IS WHERE I NEED TO 1.) DELETE USER'S TICKET COOKIE AND
>     ## 2.) REDIRECT THEM TO /FES (w/o bringing old $r),(WHERE THEY SHOULD GET
>     ## A NEW LOGIN SCREEN BECAUSE COOKIE IS GONE.)
>
> }
>
> sub _get_ticket {
>     my $args = {
>         'r' => undef,
>         @_
>     };
>     my $r = $args->{'r'};
>     my %cookies = CGI::Cookie->parse($r->header_in('Cookie'));  # TESTING
>     my %ticket = $cookies{'Ticket'}->value;  # TESTING
>     return \%ticket;
> }
>
> 1;
> =
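
Added example, not part of any message in this thread: a standalone Perl script (core Perl only) for the expiry approach discussed above. It prints the Set-Cookie header for an already-expired cookie and uses a simplified model of browser storage to show that the stored cookie is removed only when name, domain and path match the cookie originally set. The host www.example.com, the path /FES and the ticket value are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my @DAY = qw(Sun Mon Tue Wed Thu Fri Sat);
my @MON = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);

# Absolute HTTP date, built by hand so the output does not depend on locale.
sub http_date {
    my @t = gmtime(shift);
    return sprintf '%s, %02d %s %04d %02d:%02d:%02d GMT',
        $DAY[$t[6]], $t[3], $MON[$t[4]], $t[5] + 1900, @t[2, 1, 0];
}

# Set-Cookie value for a cookie given as a hash (name, value, domain, path, expires).
sub set_cookie_header {
    my ($c) = @_;
    return sprintf '%s=%s; domain=%s; path=%s; expires=%s',
        @{$c}{qw(name value domain path)}, http_date($c->{expires});
}

# Simplified model of browser storage: name + domain + path identify a cookie,
# so an already-expired Set-Cookie removes only the entry whose key matches.
sub browser_receives {
    my ($jar, $c, $now) = @_;
    my $key = join '|', $c->{name}, lc($c->{domain}), $c->{path};
    if ($c->{expires} <= $now) { delete $jar->{$key} }
    else                       { $jar->{$key} = $c->{value} }
    return scalar keys %$jar;    # number of cookies still stored
}

my $now = time;
my %jar;
my %orig = (name   => 'Ticket',          value => 'constructed-ticket',
            domain => 'www.example.com', path  => '/FES',
            expires => $now + 3600);
browser_receives(\%jar, \%orig, $now);

# Logout attempt 1: expired, but path '/' differs from the original '/FES'.
my %wrong = (%orig, value => '', path => '/', expires => $now - 86400);
# Logout attempt 2: same name, domain and path as the cookie that was set.
my %right = (%orig, value => '', expires => $now - 86400);

for my $try (\%wrong, \%right) {
    print 'Set-Cookie: ', set_cookie_header($try), "\n";
    print '  cookies left in jar: ', browser_receives(\%jar, $try, $now), "\n";
}
```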
 




Re: Deleting a cookie

2001-11-27 Thread Mark Maunder

Jon Robison wrote:

> I have created a login system using the wonderful Ticket system from the
> Eagle book.  I have modified TicketAccess so that after authentication,
> it reviews the arguments in the query string and does push_handler, the
> handler being chosen based on the args.
>
> My only problem is that I want to provide the users with a logout button
> which will delete the cookie from their browser, yet I cannot find how!

Jon,

I had the same problem and could not successfully delete the cookie from all
browsers (IE, Netscape, Konqueror, Lynx, Opera etc.). I eventually solved it
by keeping the existing (session) cookie which was assigned when the user
first logged in, but marking the user as logged out on the server side.
i.e. associate a user cookie with session data stored in a database, and
instead of deleting the cookie on the client side, just set something on the
server side session information that marks the user as having logged out. If
the user then logs in again, just reuse the same cookie and mark the user as
having logged in. This way you only have to assign an authentication cookie
once per browser session.

This may be tough to drop into TicketTool because IIRC it stores the
authentication info in the cookie itself, rather than a server side session
it associates with a cookie. Not very helpful, but it's another approach. I'd
like to hear if you get it working across various browsers by expiring the
cookie - for future ref.

~mark
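
Added example, not part of the thread and not TicketTool's code: a server-side logout check for a ticket that is carried in the cookie itself. The ticket layout, the secret and the in-memory %state table (standing in for a database) are assumptions; the point shown is that a copy of the cookie stops verifying after logout even though the browser still holds it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-secret';  # assumption: key known only to the server
my %state;    # session id => 'in' | 'out'; stands in for the database table

# Ticket carried in the cookie: user:session-id:expiry:MAC (constructed format).
sub issue_ticket {
    my ($user, $sid, $expires) = @_;
    my $body = join ':', $user, $sid, $expires;
    $state{$sid} = 'in';
    return "$body:" . hmac_sha256_hex($body, $SECRET);
}

# Length check plus XOR accumulation, so the comparison does not stop early.
sub same_mac {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (1, user) or (0, reason). The server-side flag is checked last, after
# the MAC and expiry, so an unsigned or stale ticket never reaches the lookup.
sub verify_ticket {
    my ($ticket, $now) = @_;
    my ($user, $sid, $expires, $mac) = split /:/, $ticket;
    return (0, 'malformed') unless defined $mac && $expires =~ /^\d+$/;
    my $want = hmac_sha256_hex("$user:$sid:$expires", $SECRET);
    return (0, 'bad signature') unless same_mac($mac, $want);
    return (0, 'expired')       if $expires <= $now;
    return (0, 'logged out')    unless ($state{$sid} // '') eq 'in';
    return (1, $user);
}

sub logout { my ($sid) = @_; $state{$sid} = 'out' }    # the cookie is left alone
sub login  { my ($sid) = @_; $state{$sid} = 'in'  }    # same cookie, reused

my $now    = time;
my $ticket = issue_ticket('jon', 'sid-0001', $now + 3600);    # constructed sample
printf "%-16s %s\n", 'after login:',    join ' ', verify_ticket($ticket, $now);
logout('sid-0001');
printf "%-16s %s\n", 'after logout:',   join ' ', verify_ticket($ticket, $now);
login('sid-0001');
printf "%-16s %s\n", 'after re-login:', join ' ', verify_ticket($ticket, $now);
```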




Re: Deleting a cookie

2001-11-27 Thread Hans Poo

On Tue 27 Nov 2001 10:21, Jon Robison wrote:
> I have created a login system using the wonderful Ticket system from the
> Eagle book.  I have modified TicketAccess so that after authentication,
> it reviews the arguments in the query string and does push_handler, the
> handler being chosen based on the args.
>
> My only problem is that I want to provide the users with a logout button
> which will delete the cookie from their browser, yet I cannot find how!
> I have reviewed every module on my system with 'Cookie' in the name
> (Apache::Cookie, CGI::Cookie, etc.) and nowhere does it tell how to do
> this. There is a small mention of changing the expiration to < 0, but
> apparently I am doing it wrong (possible confusing point is the use of
> an 'expires' value in the cookie itself, separate, I think, from the
> 'expires' attribute on the cookie?)


Set it again with an expiration time of 'now', I actually use it with CGI.pm

You can send it with a custom invalid value, like 'invalidated', and take
appropriate actions.

Hans Poo