[Catalyst] Manipulating CGI cookie via Catalyst

Mitch Jackson perimus at gmail.com
Mon Jun 2 15:58:00 BST 2008 

> I can delete the cookie which was previously set by the Catalyst app
> (testcookie), but I still can't delete the cookie which was previously set
> by the PHP. This is the PHP code:

> I tried to add
>     $c->response->cookies->{id} = {
>         value => [],
>         expires => time-86400,
>     };
> in your Root/del code but it doesn't work. Only the testcookie got deleted.

This is good, because we have proven that cookies are working
correctly for you from within catalyst.  The test application cannot
manipulate your other application's cookie because the test
application is running in a different location.

A web server running on http://localhost:3000 cannot view or
manipulate cookies for http://sin.my.office.com.  This is for security
reasons.  You would not want www.microsoft.com to be able to view or
delete your cookies for www.google.com, for example.

For your PHP application and your catalyst application to be able to
view/manipulate each others cookies, both applications must be
accessed on the same domain name and be setting their cookies into the
same 'path'.  Please note... http://localhost and
http://localhost:3000 are considered different domain names, and will
not be able to interact with each other's cookies.

Cookies are programming language and server independent.  All
languages and browsers follow generally the same rules.  Once you
understand what these rules are, you will have a much better
understanding how cookies work in your application and how to
troubleshoot problems.  A very good place to start is the
implementation section in this article:
http://en.wikipedia.org/wiki/HTTP_cookie

Kind Regards,

/Mitchell K. Jackson

On Mon, Jun 2, 2008 at 12:56 AM,  <sindharta_tanuwijaya at yahoo.co.jp> wrote:
> Hi,
>
>
> <?php
> setcookie("id", "sindharta", time() + 3600, "/", ".sin.my.office.com");
> setcookie("session", "blablablablablabla", time() + 3600, "/",
> ".sin.my.office.com");
> echo "cookies...\n";
> print_r($_COOKIE);
> echo "set!";
> ?>
>
> I tried to add
>     $c->response->cookies->{id} = {
>         value => [],
>         expires => time-86400,
>     };
> in your Root/del code but it doesn't work. Only the testcookie got deleted.
>
> Sindharta
>
> sindharta_tanuwijaya at yahoo.co.jp wrote:
>
> Hi Jackson,
>
> Thanks for the source code. I'll be away from my workplace for a few days,
> but I think I'll be back next week, so I'll try your source code and compare
> it with mine at that time.
> I'll let you know how it works.
> Thanks again.
>
> Sindharta
>
> Mitch Jackson <perimus at gmail.com> wrote:
>
> Sindharta,
>
> I created a simple test application to set and delete a cookie, and it
> is working as expected. The correct thing is happening in your
> headers: as you roll back the expire time, that is reflected in the
> headers that get sent.
>
> I've posted my test application here:
> http://perimus.com/files/cookietest.tar.bz If this also does not work
> for you, there is some other problem.
>
> Please check the time/date on your server and the time/date on your
> computer. As an example, If your server thinks it's May 28th 2008 but
> your computer thinks it's May 28th 2007, then your browser still
> thinks the requested expiry time of May 27th 2008 02:00 GMT is a year
> in the future and will preserve the cookie.
>
> Kind Regards,
>
> /Mitchell K. Jackson
>
> On Tue, May 27, 2008 at 9:25 PM, wrote:
>> Thank you for your response. But I am still having the same problem if I
>> don't use Javascript.
>>
>> I added:
>>
>> $c->delete_session('Logout'); in Root/default
>> $c->res->cookies
>> ->{id} = {
>> value => [],
>> expires => time()-86400,
>> };
>> $c->res->cookies
>> ->{session} = {
>> value => [],
>> expires => time()-86400,
>> };
>>
>> and the Firebug Net log would generate:
>> ----------------------------------
>> Response Headers
>> Connection close
>> Date Wed, 28 May 2008 02:13:04 GMT
>> Content-Length 3345
>> Content-Type text/html; charset=utf-8
>> Set-Cookie catalyst_session=cb50670fae865f6266b0bb2c5b992c88093b8dbe;
>> domain=.shindaru.my.office.com; path=/; expires=Wed, 28-May-2008 02:13:04
>> GMT session=; path=/; expires=Tue, 27-May-2008 02:13:04 GMT id=; path=/;
>> expires=Tue, 27-May-2008 02:13:04 GMT
>> Status 200
>> X-Catalyst 5.7013
>>
>> Request Headers
>> Host shindaru.my.office.com:3000
>> User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14)
>> Gecko/20080404 Firefox/2.0.0.14
>> Accept
>>
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language en-us,en;q=0.5
>> Accept-Encoding gzip,deflate
>> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive 300
>> Connection keep-alive
>> Cookie __utma=175737056.1376894921.1211863250.1211880303.1211937459.4;
>> session=4alqcz3qqey2wkiokonx; id=sindharta;
>>
>> __utmz=175737056.1211863250.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
>> __utma=175737056.1376894921.1211863250.1211880303.1211937459.4
>> Cache-Control max-age=0
>> ----------------------------------
>>
>> But the strange thing is, if I changed the expires into
>> expires => time()+5,
>> the Firebug log would become:
>>
>> -----------------------------------
>> Response Headers
>> Connection close
>> Date Wed, 28 May 2008 02:18:57 GMT
>> Content-Length 3345
>> Content-Type text/html; charset=utf-8
>> Set-Cookie catalyst_session=70ca66db5210730bc63ccb2fdac240543da0f1a0;
>> domain=.shindaru.my.office.com; path=/; expires=Wed, 28-May-2008 02:18:57
>> GMT session=; path=/; expires=Wed, 28-May-2008 02:19:02 GMT id=; path=/;
>> expires=Wed, 28-May-2008 02:19:02 GMT
>> Status 200
>> X-Catalyst 5.7013
>>
>> Request Headers
>> Host shindaru.my.office.com:3000
>> User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14)
>> Gecko/20080404 Firefox/2.0.0.14
>> Accept
>>
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language en-us,en;q=0.5
>> Accept-Encoding gzip,deflate
>> Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive 300
>> Connection keep-alive
>> Cookie __utma=175737056.1376894921.1211863250.1211880303.1211937459.4;
>>
>> __utmz=175737056.1211863250.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none);
>> __utma=175737056.1376894921.1211863250.1211880303.1211937459.4;
>> id=sindharta; session=4alqcz3qqey2wkiokonx; session=; id=
>> Cache-Control max-age=0
>> -----------------------------------
>>
>>
>> Sindharta
>>
>> Gabriel Vieira wrote:
>>
>> You need to understand how Cookies are writed.
>> Thery are HTTP Headers, so you may be giving an outdated value and
>> next the system gives a update value. Javascript writes the Cookies
>> after HTTP process, so the system values are irrelevant to it.
>>
>> Try to use the Catalyst structure to manipulate them instead of trying
>> to make some code.
>>
>>
>> On Tue, May 27, 2008 at 11:07 AM, Mitch Jackson wrote:
>>>> delete @{ $c->session }{qw/__user/};
>>>> delete @{ $c->session }{qw/id/};
>>>> delete @{ $c->session }{qw/session/};
>>>
>>> Catalyst::Plugin::Session provides a "delete_session" method
>>> http://search.cpan.org/search?query=catalyst%3A%3Aplugin%3A%3Asession
>>>
>>>> $c->res->cookies
>>>> ->{id} = {
>>>> value => [],
>>>> expires => 0,
>>>> };
>>>> But the cookies just keep appearing, no matter how many times I refresh
>>>> my
>>>> browser. I think there is something wrong, but I just couldn't figure
>>>> out
>>>> where.
>>>
>>> To ask a browser to forget a cookie, the expiry date must be specified
>>> in the past. Try setting expires to time()-86400.
>>>
>>> If you continue to have problems, use Firebug
>>> (http://addons.mozilla.org/firefox/addon/1843) to view the http
>>> headers and see the actual cookie headers received by the browser and
>>> post those here as they are received by the browser.
>>>
>>> Kind Regards,
>>>
>>> /Mitchell K. Jackson
>>>
>>> _______________________________________________
>>> List: Catalyst at lists.scsys.co.uk
>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>>> Searchable archive:
>>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>>> Dev site: http://dev.catalyst.perl.org/
>>>
>>
>>
>>
>> --
>> Gabriel Vieira
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>>
>>
>> ________________________________
>> GANBARE! NIPPON! Win your ticket to Olympic Games 2008.
>>
>> _______________________________________________
>> List: Catalyst at lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>>
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
> ________________________________
> GANBARE! NIPPON! Win your ticket to Olympic Games 2008.
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
>
> ________________________________
> Power up the Internet with Yahoo! Toolbar.
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>

More information about the Catalyst mailing list