The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> max-age attribute not working, How do you make a cookie expire?
jmrathbun
post Jun 29 2011, 09:02 PM
Post #1


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



I'm trying to set a cookie that will expire in 24 hours. I've tried
CODE
Set-Cookie: score=10; path=/; expires=time()+86400

and I've tried
CODE
Set-Cookie: score=10; path=/; max-age=86400

both on Unix and on Windows servers, but in every case I get a session cookie only.

What's wrong?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 30 2011, 05:30 AM
Post #2


.
********

Group: WDG Moderators
Posts: 6,032
Joined: 10-August 06
Member No.: 7



That looks like a HTTP response, so I move the thread to the Web server configuration forum.


--------------------
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
jmrathbun
post Jun 30 2011, 06:35 AM
Post #3


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



QUOTE(Christian J @ Jun 30 2011, 06:30 AM) *

That looks like a HTTP response, so I move the thread to the Web server configuration forum.


Huh?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 30 2011, 10:05 AM
Post #4


.
********

Group: WDG Moderators
Posts: 6,032
Joined: 10-August 06
Member No.: 7



QUOTE(jmrathbun @ Jun 30 2011, 01:35 PM) *

QUOTE(Christian J @ Jun 30 2011, 06:30 AM) *

That looks like a HTTP response, so I move the thread to the Web server configuration forum.


Huh?

Sorry if I got that wrong. So what are you using to set the cookie --server-side scripting (if so which language?), htaccess directive?


--------------------
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
jmrathbun
post Jun 30 2011, 11:59 AM
Post #5


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



Sorry to be so unclear. According to various online sources, this code goes at the top of the html document and it executes as expected (leaving a cookie) except the cookie expires at the end of the browser session instead of 24 hours later as the code indicates it should. Here's the whole script:
CODE
#!/usr/local/bin/perl
use warnings;
use strict;
use CGI;
my $cgi=new CGI;
use diagnostics;

print "Set-Cookie: topic=Consciousness; path=/; expires=time()+86400\n";
print "Set-Cookie: score=10; path=/; max-age=86400\n";
print "Set-Cookie: smarts=20; path=/; expires=time()+86400\n";
print "Set-Cookie: playlevel=30; path=/; max-age=86400\n";
print $cgi->header;
print $cgi->start_html('Set Cookie');
print $cgi->h1('The cookie has been set!');
print $cgi->end_html;
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Darin McGrew
post Jun 30 2011, 12:12 PM
Post #6


WDG Member
********

Group: Root Admin
Posts: 8,011
Joined: 4-August 06
From: Mountain View, CA
Member No.: 3



QUOTE
this code goes at the top of the html document
No, that is incorrect. That code might go at the top of a Perl CGI program that generates an HTML document, but it does not go at the top of a plain HTML document.


--------------------
Darin McGrew
WDG Member since 1998
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
jmrathbun
post Jun 30 2011, 12:35 PM
Post #7


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



Try testing my code, if you will. I've done it from this Perl script and with conventional HTML, and it always generates cookies. My question is, why are they session cookies rather than carrying the expiration date as the code requires? If you think it's the positioning that's at fault, how would you reposition this in the HTML? Please test your code before posting. Here's the output of the script:
CODE
Set-Cookie: topic=Consciousness; path=/; expires=time()+86400
Set-Cookie: score=10; path=/; max-age=86400
Set-Cookie: smarts=20; path=/; expires=time()+86400
Set-Cookie: playlevel=30; path=/; max-age=86400
Content-Type: text/html; charset=ISO-8859-1



<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Set Cookie</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>The cookie has been set!</h1>
</body>
</html>
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Darin McGrew
post Jun 30 2011, 02:24 PM
Post #8


WDG Member
********

Group: Root Admin
Posts: 8,011
Joined: 4-August 06
From: Mountain View, CA
Member No.: 3



The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.


--------------------
Darin McGrew
WDG Member since 1998
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
jmrathbun
post Jun 30 2011, 04:01 PM
Post #9


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



QUOTE(Darin McGrew @ Jun 30 2011, 03:24 PM) *

The expires=... value should be a date/time value, for example:
expires=Thu, 30-Jun-2012 20:23:38 GMT

Something needs to process the "time()+86400" value and convert that into a date/time value in the above format. That isn't happening.


According to http://tools.ietf.org/html/rfc6265#section-4.1

QUOTE

4.1.2.2. The Max-Age Attribute


The Max-Age attribute indicates the maximum lifetime of the cookie,
represented as the number of seconds until the cookie expires. The
user agent is not required to retain the cookie for the specified
duration. In fact, user agents often evict cookies due to memory
pressure or privacy concerns.

NOTE: Some existing user agents do not support the Max-Age
attribute. User agents that do not support the Max-Age attribute
ignore the attribute.

If a cookie has both the Max-Age and the Expires attribute, the Max-
Age attribute has precedence and controls the expiration date of the
cookie. If a cookie has neither the Max-Age nor the Expires
attribute, the user agent will retain the cookie until "the current
session is over" (as defined by the user agent).


So maybe my Firefox is one of those browsers that ignores the max-age attribute. As far as the expires= tag, I gather that's deprecated and I have seen multiple conflicting ideas on how to use it. I decided to rewrite my script using CGI to manage the whole cookie business, and what I got was similar to what you recommend. Now I just have to figure out how to get it to write multiple cookies or else a single cookie containing a hash (which I then have to parse in my script that reads and uses the cookie.) Ugh!
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
jmrathbun
post Jun 30 2011, 04:23 PM
Post #10


Newbie
*

Group: Members
Posts: 15
Joined: 8-June 11
Member No.: 14,726



OK, I think I got it! Here's a working script:
CODE
#!/usr/local/bin/perl
use warnings;
use strict;
use CGI;
my $cgi=new CGI;
use diagnostics;

my $c_topic = $cgi->cookie(-name=>'topic',-value=>'Consciousness',-expires=>'+1d',-path=>'/');
my $c_score = $cgi->cookie(-name=>'score',-value=>'10',-expires=>'+1d',-path=>'/');
my $c_smarts = $cgi->cookie(-name=>'smarts',-value=>'20',-expires=>'+1d',-path=>'/');
my $c_playlevel = $cgi->cookie(-name=>'playlevel',-value=>'30',-expires=>'+1d',-path=>'/');

print "Set-Cookie: $c_topic\n";
print "Set-Cookie: $c_score\n";
print "Set-Cookie: $c_smarts\n";
print "Set-Cookie: $c_playlevel\n";
print $cgi->header;
print $cgi->start_html('Set Cookie');
print $cgi->h1('The cookie has been set!');
print $cgi->end_html;


And the output is:
CODE
Set-Cookie: topic=Consciousness; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: score=10; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: smarts=20; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Set-Cookie: playlevel=30; path=/; expires=Fri, 01-Jul-2011 21:14:11 GMT
Content-Type: text/html; charset=ISO-8859-1



<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Set Cookie</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>The cookie has been set!</h1>
</body>
</html>


Thanks to all who tried to help. I only do this because it's so much fun!

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 15th September 2014 - 04:28 AM