cookies cookies cookies

2000-12-12 Thread Greg Stark 


How do I reliably remove a cookie from a browser's memory? I've only just
begun to experiment but it seems if I set the cookie to "" or undef
Apache::ASP doesn't send the right headers to remove the cookie. (Actually
undef seems to corrupt the cookie). I could just write a handler to set the
header appropriately but I'm not even sure what I should be putting in the
header.

-- 
greg

Re: cookies cookies cookies

2000-12-12 Thread Joshua Chamas 

Greg Stark wrote:
 
 How do I reliably remove a cookie from a browser's memory? I've only just
 begun to experiment but it seems if I set the cookie to "" or undef
 Apache::ASP doesn't send the right headers to remove the cookie. (Actually
 undef seems to corrupt the cookie). I could just write a handler to set the
 header appropriately but I'm not even sure what I should be putting in the
 header.
 

What about setting the cookie with an expires date in the past?

$Response-{Cookies}{YourCookie} = {
  Value   = '',
  Expires = -86400,
};

-- Josh

_
Joshua Chamas   Chamas Enterprises Inc.
NodeWorks  free web link monitoring   Huntington Beach, CA  USA 
http://www.nodeworks.com1-714-625-4051

Re: cookies cookies cookies

2000-12-12 Thread John Hurst 

At 01:47 PM 12/12/00, Joshua Chamas wrote:
Greg Stark wrote:
 
  How do I reliably remove a cookie from a browser's memory?

Then Josh said:
  What about setting the cookie with an expires date in the past?
  $Response-{Cookies}{YourCookie} = {
Value   = '',
Expires = -86400,
  };

In most cases, this will only work for a cookie that is an _exact_
match with the one you wish to expire. This is really hard to do
if your code didn't write the cookie, since most browsers will use
the  'path' and 'domain' values to evaluate exactness, but do not
send those values to you in a request, obscuring them.

While writing a cookie handling library, I found it necessary to
trash my cookies file when things got weird, since writing code
to remove cookies that were the result of bad code seemed a waste
of time. Once it was stable it worked rather well, assuming that
calls to the library were consistent about 'path' and 'domain'.

Unless you're required to use 'path', I recommend that you explicitly
set 'path' to '/' on all set cookie operations, and similarly make
use of a canonical 'domain' value. Then it will be easy to construct
'kill cookies'. Otherwise, you'll have to construct logic to determine
the right 'path' and 'domain' for a particular cookie (yech).

-jh