The browser is responsible for determining the disposition of the
cookie based on the domain, path and expire values. The server is
never responsible for deciding what to accept. The browser always
decides what to send. The specification can be found at:

The expires attribute specifies a date string that
defines the valid life time of that cookie. Once
the expiration date has been reached, the cookie
will no longer be stored or given out.

A common technique for removing a non-session cookie (i.e., a cookie with
a valid future expire date) is to give the cookie a date in the past.
When the browser sees the date in the past, it immediately removes the
cookie.

I do have to restate my original post, though. The problem was a
cookie was not being deleted when it should have been, leading to
confusing results. We attempted to delete the cookie using the method
described above. However, that failed since the computer clock was
set to a date further in the past than the expiration date we were
using. The browser relies on the computer clock and therefore
considered the cookie to still be valid.

In the case of the original PayPal problem, PayPal may be setting a
cookie that says "if we don't hear from you by this time, your transaction
will timeout". It may be that the customer computer is set to a date
or time in the future, causing PayPal to believe that more time has
passed than is true. I'm only speculating, but when dealing with
time-sensitive cookies, I've learned the hard way that we are at the mercy
of the user to ensure their computer clock is accurate.

-dirk

On Jun 30, 2004, at 11:32 AM, Walter Lee Davis wrote:

On Jun 30, 2004, at 11:17 AM, Dirk Tepe wrote:

I had a similar problem with a WebISO system we wrote. It turns out
that the time on the client's machine was wrong. The year had been
set to 10 years in the past. This caused a time based cookie to be
expired immediately rather than living for the specified amount of
time.

Yikes! Is that really the way that time-based cookies are reaped? I
thought the server decided whether or not to accept the token based on
the date, not the client deleting it.

Walter
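
The clock dependence discussed in this thread can be taken out of the client's hands. The sketch below is an added example, not code from any poster or from PayPal: it puts a server-signed expiry inside the cookie value so the server's clock decides validity, and it deletes with `Max-Age=0`, which RFC 6265 defines as a relative lifetime. The key, cookie names, `|` separator and epoch values are constructed for illustration.

```python
import hashlib
import hmac
import time
from email.utils import formatdate

SECRET = b"constructed-demo-key"  # assumption: a real key comes from server config


def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue(value, ttl, now=None):
    """Cookie value of the form value|expiry|mac, expiry set by the server clock."""
    now = time.time() if now is None else now
    payload = f"{value}|{int(now) + ttl}"
    return f"{payload}|{_mac(payload)}"


def verify(cookie, now=None):
    """Return the value if the MAC matches and the server clock says unexpired."""
    now = time.time() if now is None else now
    try:
        value, exp, mac = cookie.rsplit("|", 2)
    except ValueError:
        return None  # not in value|expiry|mac form
    expected = _mac(f"{value}|{exp}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # expiry or value was altered on the client
    if int(exp) <= now:
        return None  # expired by the server clock, whatever the client thinks
    return value


def delete_header(name, path="/"):
    """Set-Cookie value that removes a cookie even when the client clock is wrong."""
    # Max-Age=0 is relative to the client's own "now"; the epoch Expires date is
    # a fallback for clients that only understand Expires.
    return f"{name}=; Path={path}; Max-Age=0; Expires={formatdate(0, usegmt=True)}"


def browser_keeps(expires_epoch, client_clock):
    """Model of the client-side Expires check described in the thread."""
    return client_clock < expires_epoch
```

With this layout a wrong client clock can still cause the browser to drop or retain the cookie at the wrong moment, but a retained cookie is rejected by `verify` once the server-side expiry has passed.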