Hi all,

I've got a web application I'm working on for the boss at work. In this application I'm creating cookies and at the end of the session upon logout I'm deleting said cookies. The thing works wonderfully when the user is using Netscape or Mozilla, but the cookie isn't being deleted if the user is using Internet Explorer. Is there something special about the way this browser handles cookies that I'm not aware of and should code for?

Mark

: I've got a web application I'm working on for the boss at work. In
: this application I'm creating cookies and at the end of the session
: upon logout I'm deleting said cookies. The thing works wonderfully
: when the user is using Netscape or Mozilla, but the cookie isn't
: being deleted if the user is using Internet Explorer. Is there
: something special about the way this browser handles cookies that
: I'm not aware of and should code for?
What are you doing to delete the cookie?

Jonathan


###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: : I've got a web application I'm working on for the boss at work. In
: : this application I'm creating cookies and at the end of the session
: : upon logout I'm deleting said cookies. The thing works wonderfully
: : when the user is using Netscape or Mozilla, but the cookie isn't
: : being deleted if the user is using Internet Explorer. Is there
: : something special about the way this browser handles cookies that
: : I'm not aware of and should code for?
: What are you doing to delete the cookie?

Hi Jon,

I'm recreating the cookie and setting the expires date to 12-31-1970. Works wonderfully in Mozilla and Netscape, but IE seems to just ignore the new cookie and holds on to the old one. i've noticed Konqueror in Linux does the same thing.

Mark

: I'm recreating the cookie and setting the expires date to 12-31-
: 1970. Works wonderfully in Mozilla and Netscape, but IE seems to
: just ignore the new cookie and holds on to the old one. i've noticed
: Konqueror in Linux does the same thing.
I wonder if they don't like the prior date. Try setting them to empty and not specifying a date.

Jonathan


###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: : I'm recreating the cookie and setting the expires date to 12-31-
: : 1970. Works wonderfully in Mozilla and Netscape, but IE seems to
: : just ignore the new cookie and holds on to the old one. i've noticed
: : Konqueror in Linux does the same thing.
: I wonder if they don't like the prior date. Try setting them to empty and not specifying a date.
:
: Jonathan

So, instead of setting an expires date in the past just reset the values in the cookie to null, or "" ( empty string )? I'll give that a shot and see what happens, but I'm don't understand why that would "delete" the cookie. Any thoughts? I'm still somewhat new to cookies. I know making them is a breeze using CGI::Cookies, but that mod doesn't appear to provide a real clear way of getting rid of them when you're done with them. For this particular app that is a must.

Mark

: : : I'm recreating the cookie and setting the expires date to 12-31-
: : : 1970. Works wonderfully in Mozilla and Netscape, but IE seems to
: : : just ignore the new cookie and holds on to the old one. i've noticed
: : : Konqueror in Linux does the same thing.
: : I wonder if they don't like the prior date. Try setting them to empty and not specifying a date.
: :
: : Jonathan
:
: So, instead of setting an expires date in the past just reset the
: values in the cookie to null, or "" ( empty string )? I'll give that
: a shot and see what happens, but I'm don't understand why that
: would "delete" the cookie. Any thoughts? I'm still somewhat new to
: cookies. I know making them is a breeze using CGI::Cookies, but that
: mod doesn't appear to provide a real clear way of getting rid of
: them when you're done with them. For this particular app that is a
: must.
Sorry it's been a while...I got sick. Setting the cookie value to empty and not specifying a date should immediately remove any data stored in the cookie, and also turns it into a session cookie so it is destroyed when the browser is closed. I know that doesn't provide immediate deletion, mind.

Other suggestions I've heard are to set expires to now; the prior date thing doesn't seem to be working for you, which is curious as in theory it should.

Jonathan

###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: : : : I'm recreating the cookie and setting the expires date to 12-31-
: : : : 1970. Works wonderfully in Mozilla and Netscape, but IE seems to
: : : : just ignore the new cookie and holds on to the old one. i've noticed
: : : : Konqueror in Linux does the same thing.
: : : I wonder if they don't like the prior date. Try setting them to empty and not specifying a date.
: : :
: : : Jonathan
: :
: : So, instead of setting an expires date in the past just reset the
: : values in the cookie to null, or "" ( empty string )? I'll give that
: : a shot and see what happens, but I'm don't understand why that
: : would "delete" the cookie. Any thoughts? I'm still somewhat new to
: : cookies. I know making them is a breeze using CGI::Cookies, but that
: : mod doesn't appear to provide a real clear way of getting rid of
: : them when you're done with them. For this particular app that is a
: : must.
: Sorry it's been a while...I got sick. Setting the cookie value to empty and not specifying a date should immediately remove any data stored in the cookie, and also turns it into a session cookie so it is destroyed when the browser is closed. I know that doesn't provide immediate deletion, mind.
:
: Other suggestions I've heard are to set expires to now; the prior date thing doesn't seem to be working for you, which is curious as in theory it should.
:
: Jonathan

Hi Jonathan,

No problem about how long. Hope you're feeling better.

Actually the part about setting it to a prior date in history works great if the user is running Mozilla or Netscape, but if the user is running Internet Explorer deleting the cookie appears to be being totally ignored. As though IE refuses to let go of the cookie. Thats why I was wondering if when you're programming and using cookies one would have to make special methods to deal with cookies and Internet Explorer.

It really pains me that they don't follow the W3C web coding standards and just take off in their own direction.

Any thoughts?

Mark

Hi,

: No problem about how long. Hope you're feeling better.
A little...thanks.

: Actually the part about setting it to a prior date in history works
: great if the user is running Mozilla or Netscape, but if the user is
: running Internet Explorer deleting the cookie appears to be being
: totally ignored. As though IE refuses to let go of the cookie. Thats
: why I was wondering if when you're programming and using cookies one
: would have to make special methods to deal with cookies and Internet
: Explorer.
My next question is does IE let go of a cookie if you set an already passed expiration date, then exit IE, then start it again? My suggestion is you nullify the cookie (like I said before) then set it to have an already passed expiration. That way you get immediate destruction in those browsers that work that way, and for those that don't the original data is gone anyway, you've just got any empty cookie that is destroyed at browser exist.

: It really pains me that they don't follow the W3C web coding
: standards and just take off in their own direction.
I'm not entirely sure whether the standards mandate immediate destruction, or just destruction on browser exist. Wouldn't this be in one of the HTTP RFCs rather than a W3C one? I'll take a peek if I get a chance...

Jonathan

###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: I'm not entirely sure whether the standards mandate immediate
: destruction, or just destruction on browser exist. Wouldn't this be
: in one of the HTTP RFCs rather than a W3C one? I'll take a peek if
: I get a chance...
I got a chance and peeked at RFC 2109:-
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
It doesn't mention the Expires header, and I'm struggling to find an RFC that does mention it, though it may well be out there. It does mention a max-age parameter, and states that:-

"If a user agent receives a Set-Cookie response header whose NAME is the same as a pre-existing cookie, and whose Domain and Path attribute values exactly (string) match those of a pre-existing cookie, the new cookie supersedes the old. However, if the Set- Cookie has a value for Max-Age of zero, the (old and new) cookie is discarded. Otherwise cookies accumulate until they expire (resources permitting), at which time they are discarded."

And later:-

"Cookies that have expired should have been discarded and thus are not forwarded to an origin server."

So if expires is just another layer over Max-Age then IE is not doing the right thing, as you suggested. Just by an RFC, not a W3C standard. But it doesn't follow enough of those either. <grins>

Could always try the Max-Age thing. Also check the format of the expiry you supply is correct.

Hope this helps,

Jonathan

###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: : I'm not entirely sure whether the standards mandate immediate
: : destruction, or just destruction on browser exist. Wouldn't this be
: : in one of the HTTP RFCs rather than a W3C one? I'll take a peek if
: : I get a chance...
: I got a chance and peeked at RFC 2109:-
: http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html
: It doesn't mention the Expires header, and I'm struggling to find an RFC that does mention it, though it may well be out there. It does mention a max-age parameter, and states that:-
:
: "If a user agent receives a Set-Cookie response header whose NAME is the same as a pre-existing cookie, and whose Domain and Path attribute values exactly (string) match those of a pre-existing cookie, the new cookie supersedes the old. However, if the Set- Cookie has a value for Max-Age of zero, the (old and new) cookie is discarded. Otherwise cookies accumulate until they expire (resources permitting), at which time they are discarded."
:
: And later:-
:
: "Cookies that have expired should have been discarded and thus are not forwarded to an origin server."
:
: So if expires is just another layer over Max-Age then IE is not doing the right thing, as you suggested. Just by an RFC, not a W3C standard. But it doesn't follow enough of those either. <grins>
:
: Could always try the Max-Age thing. Also check the format of the expiry you supply is correct.
:
: Hope this helps,
:
: Jonathan

Hi Jonathan,

As always... good, clear, consice information. Thanks a bunch. I'll implement this and let you know who it turns out.
--
Mark
"If I can't code I'm not going to be a happy camper!"