Cookie will not die

 
Ranch Hand
Posts: 401
What do I have to do to delete a cookie?
I tried:
loginCookie.setMaxAge(0);
loginCookie.setValue("");
response.addCookie(loginCookie);
The cookie is sent in the response with the values I have set, but the browser sends it back to the host on subsequent HTTP requests. It seems the browser is reviving my cookie (?)
How to kill this cookie for good?
 
Greenhorn
Posts: 20
I'm no expert on cookies, but I think I've had the same or similar situation where I'd expire a cookie and it would take a while for it to die. After fooling around with the system clock on my computer, I figured out that if the (client's) computer's time is running behind the server's, the cookie will still be alive and chirping, long after you buried it . . .
The reason for this is that you don't delete cookies, only expire them. When you code loginCookie.setMaxAge(0); all you're doing is setting the cookie's expiration time to the current time on the server. If the client's computer is running slower, it won't realize that the cookie is supposed to be expired and it'll still get sent back on the next request . . .
However, you can still identify these dead cookies (ghosts ???) by altering their contents at the same time you're expiring them. In fact you're already doing that: loginCookie.setValue("");. Thus, even if you find the cookie in the client's request, if its value is blank you know it's dead . . .
Hope this helps . . . .
[ December 03, 2002: Message edited by: Mayer Salzer ]
 
Author
Posts: 245
Another way to deal with this is to set the expiry date sufficiently in the past - say 30 days - to guarantee that it is deleted. I don't know any browser that has a problem with that.
 
Ranch Hand
Posts: 88
Garrett,
You can also, of course, invalidate the session that the cookie is maintaining state for; then who cares if the cookie won't die!
javax.servlet.http
Interface HttpSession
public void invalidate()
Invalidates this session then unbinds any objects bound to it.
 
Mayer Salzer
Greenhorn
Posts: 20
Chanoch,
Setting the expiration date to the past (by passing a negative number to the 'setMaxAge' method) does not work the way you would expect it to. Instead, when you set the expiration date to any negative number, the cookie gets treated like a 'session cookie' which means it gets deleted (on the client's side) when the browser is closed - not before then. If the user doesn't close the browser the cookie is still alive and well. Try it yourself and see how it works.

Thomas,
Invalidating the session is a good solution if you're dealing with session cookies (tracks the session id for each session). However, we're talking about regular cookies. These things are used to maintain state long after the session is gone. They're totally independent of sessions. . .
 
Greenhorn
Posts: 26
Hello,
Use loginCookie.setMaxAge(1); instead of loginCookie.setMaxAge(0);
It was bothering me for a while and someone told me of this trick. Try it and let me know.
 
Mayer Salzer
Greenhorn
Posts: 20

Originally posted by Servin Park:

Use loginCookie.setMaxAge(1); instead of loginCookie.setMaxAge(0)


I tried it; it makes no difference . . . (it actually prolongs the life of the cookie for one more second). If the time on the client's computer is running behind the server, the cookie will still not be expired until the client's clock catches up . . .
 
Garrett Smith
Ranch Hand
Posts: 401
I found that the problem only happens in Mozilla, so I filed a bugzilla report. It seems that they look for the expires part of the cookie, not the maxAge. Mozilla should look to maxAge first, and then expires. Instead it says "oh, expires= [a long time in the future], so let's keep the cookie," and does not even check the maxAge.
Cookies were developed by Netscape. It's no wonder they're such a pain in the .
...giving myself carpal tunnel over someone else's bugs...

BTW, invalidating the session is not the way to delete cookies.
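
The two failure modes discussed so far (a client clock running behind the server, and a client that reads Expires but not Max-Age) can be reproduced with a small model. This is an added example, not code from any poster: it builds a deletion header that carries both Max-Age=0 and an Expires fixed at the Unix epoch, then evaluates it against a simplified client. The cookie name "login", the path "/" and the client model are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Locale;

public class CookieExpiryDemo {
    // HTTP-date layout used by the Expires attribute (always GMT).
    static final DateTimeFormatter HTTP_DATE = DateTimeFormatter
            .ofPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US)
            .withZone(ZoneOffset.UTC);

    // Deletion header: same name and Path as the cookie being removed, empty
    // value, Max-Age=0, and an Expires that does not depend on the server clock.
    static String deletionHeader(String name, String path) {
        return name + "=; Path=" + path + "; Max-Age=0; Expires="
                + HTTP_DATE.format(Instant.EPOCH);
    }

    // Simplified client (assumption): Max-Age, when honoured, is relative to
    // receipt and needs no clock; otherwise Expires is compared with the
    // client's own clock.
    static boolean clientDrops(Instant expires, Integer maxAge,
                               boolean honoursMaxAge, Instant clientNow) {
        if (honoursMaxAge && maxAge != null) {
            return maxAge <= 0;
        }
        return !expires.isAfter(clientNow);
    }

    public static void main(String[] args) {
        Instant serverNow = Instant.parse("2002-12-03T12:00:00Z");    // constructed
        Instant slowClient = serverNow.minus(Duration.ofMinutes(10)); // 10 min behind

        System.out.println("Set-Cookie: " + deletionHeader("login", "/"));
        System.out.println("Expires=server now, Max-Age ignored -> dropped: "
                + clientDrops(serverNow, 0, false, slowClient));
        System.out.println("Expires=epoch, Max-Age ignored      -> dropped: "
                + clientDrops(Instant.EPOCH, 0, false, slowClient));
        System.out.println("Expires=server now, Max-Age honoured -> dropped: "
                + clientDrops(serverNow, 0, true, slowClient));
    }
}
```

In a servlet the string from `deletionHeader` would be sent with `response.addHeader("Set-Cookie", ...)`. Browsers match a cookie on name, domain and path, so those attributes have to equal the ones used when the cookie was originally set.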
 
Garrett Smith
Ranch Hand
Posts: 401
Oh, this problem came back, or maybe never went away.
I notice in IE the problem is a little different.
Case:
1) login to dhtmlkitchen.com checking "Auto Login"
2) logout calls Logout.java (doGet)
3) quit browser
4) open browser
5) be automatically logged in. (should not happen).
After 2) Logout is run, the cookie is not deleted. I know this because I can see the cookie:

javascript:alert(document_dot_cookie) // replace '_dot_' with '.'
The relevant lines of Logout.java:


An exception is thrown and printed to my browser if I uncomment this: // throw new ServletException("Logout.java login coookie deletion in process: "+ loginCookie);
javax.servlet.ServletException: Logout.java login coookie deletion in process: javax.servlet.http.Coookie@2108e0
So the coookie exists. What am I doing wrong here? Why does deletion
fail?
[ December 21, 2002: Message edited by: Garrett Smith ]
 