cookie expire question

koryw has asked for the wisdom of the Perl Monks concerning the following question:

I have a perl cgi-bin process that creates a cookie and puts the user in a queue position associated with a mysql database. I reload the page every 45 seconds and that updates their queue position and cookie. The reason why the cookie is update is, because we set it to expire +1m, so if they leave the page their cookie expires, or if they close the browser it expires, but as long as they let the reload happen they will have their cookie updated to not expire for another minute. Onces they reach 1 on the queue, I expire their cookie (I set the expires field to -1y) and delete their session id and remove the Mysql record and redirect the users to a login page along with the cookie expire change.

Here is the strange part the session id deletes fine, Mysql deletes fine, but the cookie is still there for maybe two more minutes before it gets expired. I thought sending the cookie the past years time would immediatley expire the cookie when sent to the browser header.

What I'm I doing wrong. I'm using CGI::COOKIE. Code below for expiring cookie

my $cookieHandle = $cgi->cookie(-name=>$PHQConf{COOKIE_NAME}, -value=>
+$sessionObj->id, -expires=>'-1y');

print $cgi->redirect(-uri=>$target, -cookie=>$cookieHandle);
[download]

20030329 Edit by Corion : Added formatting

Comment on cookie expire question Download Code

Replies are listed 'Best First'.
•Re: cookie expire question by merlyn (Sage) on Mar 29, 2003 at 14:32 UTC
Since you're already set up with a server-side session, why bother with all the client side manipulation. Just "brand the browser" as I show in my must-read cookie article. Push one long-term cookie out to that browser. Note the browser's behavior via changing server-side state. When it gets time to put them into the login queue, you just redirect differently on the refresh. Too easy. In fact, that's a nice idea for a column. I've added it to my list. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: •Re: cookie expire question by theorbtwo (Prior) on Mar 29, 2003 at 14:42 UTC
BTW, writing-style note -- don't give references to years in things that should be long-lasting. Everything you said in that article still applies just as well (or better, with cell browsers, and the larger number of minor-player browers) to the world today... except for "that lasts until year 2003". I had to go check the date on the article, because it /is/ the year 2003. (I would have said 2037, or "for ten years", or somesuch, or "the year 2525, if man is still alive", if I felt like being cheezy.) Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).	[reply]
•Re: Re: •Re: cookie expire question by merlyn (Sage) on Mar 29, 2003 at 15:09 UTC
Yeah, that's been reported at least twice before. I sometimes write things that I strongly would need to reconsider later. {grin} (The famous "who would want to change these" hardwired constants in `chat2.pl` immediately come to mind...) -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: cookie expire question by Jaap (Curate) on Mar 29, 2003 at 10:11 UTC
Try setting the cookie value to something else (without the expires) and see if that can be read out immediately or after 2 minutes. Then try the different cookie value AND the expires -1y to see when you can read it out.	[reply]
Re: cookie expire question by powerhouse (Friar) on Mar 29, 2003 at 21:59 UTC
I expire our cookies with -1d. That works perfectly. Try that. It's only 1 day expired, but the browser still deletes it. thx, Richard	[reply]