The Kelly Company and Shamrock Logo
DAWKCo(tm) Software: e-Mail POP3 Server, SMTP Anti-Spam eMail Blocker, WebMail, Web Site Mapper, Website Design
 
Software Websites News Favorites Contact



Advanced Search

Sitemap






 
Message Board Posting: Software Topic

The content of these postings are the words of the persons posting the messages and do not necessarily reflect the views or opinions of the owners or operators of this web site.

[Software Topic Messages] [Message Board Terms Of Use]

Subject: Updated Cookie handling
Posted by: dawkco software
Date: Sun, 30 Jul 2006 13:53:21 -0700
Message:

We recently updated our website to enable site-wide tracking of shopping cart contents using Cookies.  (Previously, the cart tracking was restricted to just the catalog section.)

One problem we ran into was that, unless a path is explicitly specified in a cookie, the cookie name/value will apply only to the path of the current URL.  The work-around is to specify ";path=/" in the cookie no matter what the URL is; then, its name/value data is unique and applicable site-wide.

Another problem we found was that current version browsers vary in their support for updated cookie specifications.  The original Netscape cookie proposal called for a Set-Cookie header with an optional ";expires=cookie-date" attribute name/value, where cookie-date was a variation of the old HTTP/1.0 (RFC 1945) GMT date/time spec.  Unfortunately, the original Netscape cookie-date format does not conform to the new HTTP/1.1 (RFC 2616) requirement that only the RFC 1123 GMT date/time format be used in headers.  The new cookie handling methods specified in RFC 2965, HTTP State Management Mechanism, call for a Set-Cookie2 header with an optional ";max-age=delta-seconds" attribute, similar to the max-age cache-control directive in HTTP/1.1, where delta-seconds is just the lifetime of the cookie in seconds from the time it was received.  In addition, RFC 2965 adds to the Set-Cookie2 header a new required ";version=1" attribute, as well as other useful optional attributes like ";disc ard" and ";comment=text".

In terms of manipulating cookies using JavaScript, Microsoft Internet Explorer recognizes an ";expires=cookie-date" attribute with a properly formatted date value (per RFC 1123), but does not recognize a ";max-age=delta-seconds" attribute.  Conversely, Netscape Gecko recognizes a ";max-age=delta-seconds" attribute, but surprisingly does not recognize (or ignores) an ";expires=cookie-date" attribute.  We found that a work-around which enables both versions of browser to correctly handle cookie expiration is to include both the expires= and max-age= attributes.

The following javascript code function named "setCookie" shows how we handled the issues described above by setting the path= attribute to the root path, and by using both the old Netscape-style expires= attribute and the new RFC 2965 max-age= attribute for setting the cookie lifetime.  (Note that the setCookie function contains one single line statement, but the line may be wrapped into multiple lines by your browser/viewer.)

function setCookie(sName, sValue, sTtl) {
  document.cookie = "" + escape(sName) + "=" + escape(sValue) + ";path=/" + getExpiryStr(sTtl) + ";version=1;max-age=" + getDeltaSecs(sTtl).toString() + ";comment=ProductsList";
}

The getExpiryStr function returns a string containing ";expires=cookie-date" where cookie-date is a RFC 1123 formatted GMT date/time string.  The sTtl (time-to-live) parameter of both the getExpiryStr and getDeltaSecs functions is a string that indicates an offset from the current date/time and takes the form "-?d+ aa".  For example, "0 sc", "300 mn", "2 hr", "-1 dy", "12 dy", "1 mo", "1 yr", etc.  Note that a negative offset can only be used with the getExpiryStr function (i.e., for expires=cookie-date); as the max-age=delta-seconds attribute requires a non-negative integer value, you must use an offset greater than or equal to 0 with the getDeltaSecs function.  You can get the full javascript source code from /kscripts/cookies.js at this web site.


Post A Follow-up To This Message


Follow-ups:
    none

[Software Topic Messages] [Message Board Terms Of Use]


Shamrock LogoHome | Software | Websites | News | Links | Contact | Sitemap | ^
Web Pages by DAWKCoTM Software
Copyright ©1996-2015 The Kelly CompanySM. All rights reserved.

Page Last Updated:  Thursday, 09-Mar-2017 19:40:03 EST