Re: Safari cookies
This WebDNA talk-list message is from 2006
It keeps the original formatting.
numero = 66720
interpreted = N
texte = Frank,The expires parameter is supposed to be formatted pretty specifically. I don't see how your expires date would work with any browser. Maybe lenient browsers are treating it as a session cookie (no expires parameter), but at least one browser (Safari?) will refuse to set a cookie if the expires is malformed, as I discovered recently with a typo.To make a cookie expire at the end of a session, set the expiration to a date in the past (you could also use the current date and time, but using a hard-coded past date is easier for me). I used to leave out the expires parameter for a session cookie, but some browsers don't like that these days. (Safari maybe? I forget which one.).Lately I have been using include files in my globals folder to insert properly formatted expires values for past date, current date, 30 minute cookie, 3 day cookie and year cookie. On a cookie setting page where I'm setting multiple cookies, I set text variables up top using the includes to make it cleaner.For instance:(the +5 offset is for US Eastern time, and the time zone is specific to me as well, to account for daylight savings time)cookietime1yr.inc :[format days_to_date %A, %d-%b-%Y][math]{[date]}+{00/00/0001}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTcookietimenow.inc:[format days_to_date %A, %d-%b-%Y][math]{[date]}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTcookietime30min.inc:(This one accounts for passing midnight if applicable)[format days_to_date %A, %d-%b-%Y][math]{[date]}[showif [math]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]<[math]{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]]+{00/01/0000}[/showif][/math][/format] [math time]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTBTW, I wouldn't put the password in as the value of the cookie. This would be visible when inspecting cookies in browser preferences. On a shared computer, this poses a security risk. Once they've passed authentication and you set the cookie, the member name should be enough to know about, right?Hope this helps,Terry>Is there anything unusual I have to be aware of concerning Safari andcookies?>>I've had a member login script at one of my sites for ages. >Fairlystandard script and it seems to have worked quite well but now >it turnsout Safari doesn't allow it to set the cookie.>>The script looks like this:>>[SHOWIF >[PW]=[LOOKUPdb=memberbase.db&lookInField=NAME&value=[MEMBER]&returnField=PASSWORD¬Found=none]]>[SETCOOKIE >name=musicavivalogin&value=[MEMBER][PW]&expires=[MATHDATE]({[DATE]}+2)[/MATH]&path=/&domain=www.musicaviva.com]>[/SHOWIF]>>Btw, is there a way to make the cookie expire at the end of the >session?Somehow I've never got the script to work without spcifying >anexpiration date.>>Frank Nordberg>http://www.musicaviva.com-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightPods.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure.-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Frank,The expires parameter is supposed to be formatted pretty specifically. I don't see how your expires date would work with any browser. Maybe lenient browsers are treating it as a session cookie (no expires parameter), but at least one browser (Safari?) will refuse to set a cookie if the expires is malformed, as I discovered recently with a typo.To make a cookie expire at the end of a session, set the expiration to a date in the past (you could also use the current date and time, but using a hard-coded past date is easier for me). I used to leave out the expires parameter for a session cookie, but some browsers don't like that these days. (Safari maybe? I forget which one.).Lately I have been using include files in my globals folder to insert properly formatted expires values for past date, current date, 30 minute cookie, 3 day cookie and year cookie. On a cookie setting page where I'm setting multiple cookies, I set text variables up top using the includes to make it cleaner.For instance:(the +5 offset is for US Eastern time, and the time zone is specific to me as well, to account for daylight savings time)cookietime1yr.inc :[format days_to_date %A, %d-%b-%Y][math]{[date]}+{00/00/0001}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTcookietimenow.inc:[format days_to_date %A, %d-%b-%Y][math]{[date]}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTcookietime30min.inc:(This one accounts for passing midnight if applicable)[format days_to_date %A, %d-%b-%Y][math]{[date]}[showif [math]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]<[math]{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]]+{00/01/0000}[/showif][/math][/format] [math time]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMTBTW, I wouldn't put the password in as the value of the cookie. This would be visible when inspecting cookies in browser preferences. On a shared computer, this poses a security risk. Once they've passed authentication and you set the cookie, the member name should be enough to know about, right?Hope this helps,Terry>Is there anything unusual I have to be aware of concerning Safari andcookies?>>I've had a member login script at one of my sites for ages. >Fairlystandard script and it seems to have worked quite well but now >it turnsout Safari doesn't allow it to set the cookie.>>The script looks like this:>>[SHOWIF >[PW]=[LOOKUPdb=memberbase.db&lookInField=NAME&value=[MEMBER]&returnField=PASSWORD¬Found=none]]>[SETCOOKIE >name=musicavivalogin&value=[MEMBER][PW]&expires=[MATHDATE]({[date]}+2)[/MATH]&path=/&domain=www.musicaviva.com]>[/SHOWIF]>>Btw, is there a way to make the cookie expire at the end of the >session?Somehow I've never got the script to work without spcifying >anexpiration date.>>Frank Nordberg>http://www.musicaviva.com-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightPods.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure.-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Terry Wilson
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
HTML encoding in URLs (1997)
problems with 2 tags (1997)
ConvertCharacters (2000)
Cookies and webcat (1997)
Question (1997)
Looking for a Manual (1997)
Autonumber in Table (2006)
Browser Problem?!? Still getting Error message usingPOST! (1997)
2.0 Info (1997)
WebDNA emailer details (2005)
Pref settings? (1998)
FAX orders (1996)
Download URL & access on the fly ? (1997)
Nested tags count question (1997)
Storefornts (1997)
my price won't move (1997)
Announcing general availabilty of WebDNA 4.5 release (2002)
[SearchString] usage (1997)
displaying New products (using [date]) (1997)
Plugin or CGI or both (1997)