CGI::Cookie - Safari won't accept -expires

Tatnall has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I'm using CGI::Cookie trying to set an expire value for 30 minutes ( '+30m' ). Safari won't accept the value and leaves the expire field blank.

Does anyone know a solution for this using CGI::Cookie?

The cookie expirations are working perfectly in Firefox, Opera, and IE.

I've searched around the monastery and tried to find any information about the problem with no luck. I found HTTP::Cookies::Safari, which seems to address the problem in it's README:

This package overrides the load() and save() methods of HTTP::Cookies so it can work with Safari cookie files.

Note: If the source Safari cookie file specifies and expiry date past the unix 32-bit epoch, this file changes the expiry date to 0xFFFFFFFF in unix seconds. That should be enough for anyone, at least to the next release.

use strict;
use warnings;
use CGI;
use CGI::Cookie;

my $c = new CGI::Cookie(
  -name    =>  'session_id',
  -value   =>  '23423',
  -domain  =>  '.testdomain.com', 
  -path    =>  '/testfolder',
  -expires =>  '+30m',
);
print header(-cookie=>$c);

#--- Rest of Script
[download]

Thanks,
Tatnall

"Recognizing who we aren't is only the first step toward knowing who we are." - Os Guinness

Comment on CGI::Cookie - Safari won't accept -expires Download Code

Replies are listed 'Best First'.
Re: CGI::Cookie - Safari won't accept -expires by jonadab (Parson) on Dec 22, 2006 at 22:49 UTC
I've not used the CGI::Cookie module, but I can tell you in general that you should never rely on the client to expire a cookie correctly. The cookie record in the database should have an expiration field, and your code that checks the cookie should refuse to accept expired ones. Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. You can just call me "Mister Sanity". Why, I've got so much sanity it's driving me crazy.	[reply]
Re: CGI::Cookie - Safari won't accept -expires by derby (Abbot) on Dec 23, 2006 at 01:55 UTC
From what I remember safari is very strict about the date format (other browsers tend to be very lenient). Safari expects the date to be in the format of Wdy, DD-Mon-YYY HH::MM::SS GMT (Sat, 23-Dec-2006 02:06:57 GMT). I would first double check that your date's in the right format. But unless your using an old or broken version of CGI::Cookie, I expect it's fine. Other than that, I would check the clock on the client and ensure it's not skewed in some odd way. Other than that, I would do as the first comment suggested and not really rely on the expiration date -- keep track at the server - that's what sessions are for. -derby	[reply]
Re: CGI::Cookie - Safari won't accept -expires by f00li5h (Chaplain) on Dec 23, 2006 at 13:08 UTC
Perhaps you can use CGI::Session, this will allow you to have a the who session expire, after which the cookie is ignored by your script. It will also allow you to expire specific keys within the session after a given time like so: `$session->param ('fieldname' ) # retreive the data from the session $session->expire ('fieldname', '+15m') # fieldname expires after 15 mi +nutes` [download] (this api is like the one CGI uses ) `@_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;`	[reply] [d/l] [select]