Skip to comments.
HTTP Cookies Experts? Please look inside...
Posted on 07/09/2002 6:48:39 AM PDT by John Robinson
In the new software update, I've implemented a small routine to clear out old Free Republic cookies that had probably been piling up. For purposes of evaluation, I log the name of the cookie and its value before clearing it.
Okay, first problem: the cookies are not getting cleared for everyone. Some people keep dragging back their old cookies, over and over again. The HTTP header which is set for each cookie is: Set-Cookie: [name_of_cookie]=; path=/; expires=[standard http date "right now"]
This works fine for every browser I have tested. But it doesn't work for a significant number of people. Maybe a clock problem, maybe what I'm setting is a future time to the user, so maybe I need to set the expiration date to, oh, 1980. Or could it be a cookie domain problem? If the cookie was set in the freerepublic.com domain, would it be overridden by a cookie in the www.freerepublic.com domain? (Btw, I've had great difficulty getting this domain issue resolved, but that is a whole 'nother issue.)
But the real strange problem, which I have not figured out, is why certain browsers are giving me cookies obviously set by other sites! I know I shouldn't be able to read these cookies, FreeRepublic never set them, and my cookie expiration routine isn't clearing them. Is this some type of browser bug?
TOPICS: Focus Software
KEYWORDS: httpcookies
Navigation: use the links below to view more comments.
first 1-20, 21-29 next last
Completely bewildered. No... cookies suck.
To: John Robinson
I have seen people making cookies expire by setting a 1980 year just to be sure.
2
posted on
07/09/2002 6:54:14 AM PDT
by
smith288
To: John Robinson
Oh, and third problem. The payload of some cookies are getting zapped, but cookie crumbs are coming back to haunt me. A user has an ID2 cookie equal to some string. It is cleared. Their next requests log an ID2 cookie with no value.
If there is a time issue (future expires) I would have to assume this is an indicator.
To: smith288
also, i noticed the cookies arent read if you go
freerepublic.com
instead of
www.freerepublic.com
Do you set a cookie like this? .freerepublic.com
that should take care of any sub shouldnt it?
4
posted on
07/09/2002 6:57:01 AM PDT
by
smith288
To: smith288
Do you happen to know if the day of week is a required field in the date? Does 01-Jan-1980 00:00:00 GMT work? Or do I need to whip out a calendar? (Gee, hope I saved one. :-)
To: smith288
No, I've set a cookie with a .freerepublic.com (double-dot) domain, and it didn't register for some browsers. So I set it with a freerepublic.com (single-dot) domain, and it didn't register for others! Still, for others, it didn't register if the user had came to
http://www.FreeRepublic.com (mixed case.)
@(
*@&@&^!!!!!
I'm not setting the domain, just using the default. And that seems to work. I think.
To: John Robinson
That was a Tuesday, btw.
To: John Robinson
yours works (should, theoretically)
8
posted on
07/09/2002 7:09:12 AM PDT
by
smith288
To: John Robinson
cant you use a lowercase() function to just read and write them?
9
posted on
07/09/2002 7:10:01 AM PDT
by
smith288
To: smith288
I have to assume this is a brain-damaged browser issue. The saving of cookies takes place within the browser, and it is the browser that compares the cookie domain to the location URL, and rejects the cookie if the cookie domain doesn't match the location URL. It's something like MSIE 3.x that has this problem, so not too widespread. The other issue, the one with the double dots, I think is an MSIE 4.x or NS4.x issue, I believe they handle the situation completely different, and in an incompatible way.
I may end up having to cut off the people hanging on to ancient technology. We still get an occassional Netscape 2.x visitor. (I've seen 1.x too.) Just too many bugs an inconsistencies.
To: smith288
Some of my cookie woes may be rooted in broken third-party cookie managers or cookie nibbling firewalls.
And, last time I researched this problem, I found too many messages on too many boards noting the many problems with cookies in the many different browser implementations and the many different versions of each.
To: John Robinson
From all I can tell,
cookname=cookval; path=/; domain=.freerepublic.com
should work based on my research... You are saying that IE4 and NS4 dont deal well with that?
12
posted on
07/09/2002 7:32:37 AM PDT
by
smith288
To: smith288
Thanks for checking this out for me.
I may be wrong in saying NS4/MSIE4, I'll have to dig up my notes. *Somebody* certainly has a problem with the double dots, however. When I last used that several years ago, I received a rash of reports, people unable to log in. I was able to reproduce the problem, it was definately a brain-damaged browser issue. MAYBE it was Opera. (MAYBE it doesn't matter anymore?)
To: smith288
Okay, I'm setting .freerepublic.com on all expired cookies. We'll see how many people can't log off now. :-)
To: smith288
Still, people are coming back with the same cookies even after they've supposedly been "expired" with the double-dot .freerepublic.com
To: John Robinson
Im using NS4 right now and not getting the results that my research has otherwise said was true. What the....
16
posted on
07/09/2002 7:58:34 AM PDT
by
smith288
To: smith288
Mind if I watch your HTTP headers?
To: John Robinson
sure...one sec
18
posted on
07/09/2002 8:07:16 AM PDT
by
smith288
To: John Robinson
Ok, this is NS4.78
19
posted on
07/09/2002 8:07:53 AM PDT
by
smith288
To: smith288
You have mail.
Navigation: use the links below to view more comments.
first 1-20, 21-29 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson