Forums Register Login

Cookie will not die

+Pie Number of slices to send: Send
What do I have to do to delete a cookie?
I tried:
loginCookie.setMaxAge(0);
loginCookie.setValue("");
response.addCookie(loginCookie);
The cookie is sent in the response and with the values I have sent, but the browser sends it back to the host on subsequent http requests. It seems the browser is reviving my cookie (?)
How to kill this cookie for good?
+Pie Number of slices to send: Send
I'm no expert on cookies, but I think I've had the same or similar situation where I'd expire a cookie and it would take a while for it to die. After fooling around with the system clock om my computer, I figured out that if the (client's) computer's time is running behind the server's, the cookie will still be alive and chirping, long after you buried it . . .
The reason for this is that you don't delete cookies, only expire them. When you code loginCookie.setMaxAge(0); all you're doing is setting the cookies expiration time to the current time on the server. If the client's computer is running slower, it won't realize that the cookie is supposed to be expired and it'll still get sent back on the next request . . .
However you can still identify these dead cookies (ghosts ???), by altering its contents the same time you're expiring it. In fact you're already doing that, loginCookie.setValue("");. Thus, even if you find the cookie in the clients request, if its value is blank you know it's dead . . .
Hope this helps . . . .
[ December 03, 2002: Message edited by: Mayer Salzer ]
+Pie Number of slices to send: Send
another way to deal with this is to set the expiry date sufficiently in the past - say 30 days - to guarantee that it is deleted. I dont know any browser that has a problem with that.
+Pie Number of slices to send: Send
Garrett,
You can also of course invalidate the session that the cookie is maintaining state for, then who cares if the cookie wont die!
javax.servlet.http
Interface HttpSession
public void invalidate()
Invalidates this session then unbinds any objects bound to it.
+Pie Number of slices to send: Send
Chanoch,
Setting the expiration date to the past (by passing a negative number to the 'setMaxAge' method) does not work the way you would expect it to. Instead, when you set the expiration date to any negative number, the cookie gets treated like a 'session cookie' which means it gets deleted (on the client's side) when the browser is closed - not before then. If the user doesn't close the browser the cookie is still alive and well. Try it yourself and see how it works.

Thomas,
Invalidating the session is a good solution if you're dealing with session cookies (tracks the session id for each session). However, we're talking about regular cookies. These things are used to maintain state long after the session is gone. They're totally independent of sessions. . .
+Pie Number of slices to send: Send
Hello,
Use loginCookie.setMaxAge(1); instead of loginCookie.setMaxAge(0);
It was bothering me for a while and someone told me of this trick. try and let me know
+Pie Number of slices to send: Send
 

Originally posted by Servin Park:

Use loginCookie.setMaxAge(1); instead of loginCookie.setMaxAge(0)


I tried it, it makes no difference . . . (it actually prolongs the life of the cookie for one more second). If the time on the clients computer is running behind the server, the cookie will still not be expired, until the client's clock catches up . . .
+Pie Number of slices to send: Send
I found that the problem only happens in Mozilla, so I filed a bugzilla report. It seems that they look for the expires part of the cookie, not the maxAge. Mozilla should look to maxAge first, and then expires. Instead it says "oh, expires= [a long time in the future], so let's keep the cookie," and does not even check the maxAge.
Cookies were developed by netscape. It's no wonder they're such a pain in the .
...giving myself carpal tunnel over someone else's bugs...

BTW, invalidating the session is not the way to delete cookies.
+Pie Number of slices to send: Send
Oh, this problem came back, or maybe never went away.
I notice in IE the problem is a little different.
Case:
1) login to dhtmlkitchen.com checking "Auto Login"
2) logout calls Logout.java (doGet)
3) quit browser
4) open browser
5) be automatically logged in. (should not happen).
After 2)Logout is run, the cookie is not deleted. I know this because I
can see the cookie:

javascript:alert(document_dot_cookie) // replace '_dot_' with '.'
The relevant lines of Logout.java:


An exception is thrown and printed to my browser if I uncomment this: // throw new ServletException("Logout.java login coookie deletion in process: "+ loginCookie);
javax.servlet.ServletException: Logout.java login coookie deletion in process: javax.servlet.http.Coookie@2108e0
So the coookie exists. What am I doing wrong here? Why does deletion
fail?
[ December 21, 2002: Message edited by: Garrett Smith ]
Something must be done about this. Let's start by reading this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 4221 times.
Similar Threads
why cookies getMaxAge method return -1
payment gateway integration
Cookie question
What would be a proper way of reading a cookie in JSP
Doubt regarding the cookies.
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 29, 2024 00:03:42.