in reply to Persistant cookie issue.

Don't use that logic. You should only "brand a browser" with a cookie. Put the login/logout logic on the server-side. Don't trust that erasing a cookie will erase a cookie.

See my column on that for details.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Replies are listed 'Best First'.
Re: Persistant cookie issue.
by UnderMine (Friar) on Nov 28, 2002 at 09:37 UTC
    Thanks for that.

    I have modified the system to overwrite the cookie with a new value 'loggedout' rather than try to erase it.

    This seams to work a lot better now and normally I brand the browser short term but in this case I need persistance between browser sessions (Yes I hate it too).

    Hope that is clear
    UnderMine

[reply]
[d/l]
      I have modified the system to overwrite the cookie with a new value 'loggedout' rather than try to erase it.
      I think you missed the point then. The browser doesn't have to respect that request either. And if it doesn't, are you trusting that old cookie that says that the user is still logged in? {sigh}

      Please read the article again. Do not trust anything from the browser. Use a cookie only to distinguish this browser from that browser. Do not use cookies for anything regarding state.

      -- Randal L. Schwartz, Perl hacker
      Be sure to read my standard disclaimer if this is a reply.

[reply]
        Sorry, I seem to have engaged brain dense mode for a bit there. I see exactly what you are saying.

        Thanks for pointing out my obvious lack of a brain these last couple of days ;)

        UnderMine

[reply]

In Section Seekers of Perl Wisdom