Re: Safari cookies

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 66720
interpreted = N
texte = Frank, The expires parameter is supposed to be formatted pretty specifically. I don't see how your expires date would work with any browser. Maybe lenient browsers are treating it as a session cookie (no expires parameter), but at least one browser (Safari?) will refuse to set a cookie if the expires is malformed, as I discovered recently with a typo. To make a cookie expire at the end of a session, set the expiration to a date in the past (you could also use the current date and time, but using a hard-coded past date is easier for me). I used to leave out the expires parameter for a session cookie, but some browsers don't like that these days. (Safari maybe? I forget which one.). Lately I have been using include files in my globals folder to insert properly formatted expires values for past date, current date, 30 minute cookie, 3 day cookie and year cookie. On a cookie setting page where I'm setting multiple cookies, I set text variables up top using the includes to make it cleaner. For instance: (the +5 offset is for US Eastern time, and the time zone is specific to me as well, to account for daylight savings time) cookietime1yr.inc : [format days_to_date %A, %d-%b-%Y][math]{[date]}+{00/00/0001}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT cookietimenow.inc: [format days_to_date %A, %d-%b-%Y][math]{[date]}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT cookietime30min.inc: (This one accounts for passing midnight if applicable) [format days_to_date %A, %d-%b-%Y][math]{[date]}[showif [math]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]<[math]{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]]+{00/01/0000}[/showif][/math][/format] [math time]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT BTW, I wouldn't put the password in as the value of the cookie. This would be visible when inspecting cookies in browser preferences. On a shared computer, this poses a security risk. Once they've passed authentication and you set the cookie, the member name should be enough to know about, right? Hope this helps, Terry >Is there anything unusual I have to be aware of concerning Safari andcookies? > >I've had a member login script at one of my sites for ages. >Fairlystandard script and it seems to have worked quite well but now >it turnsout Safari doesn't allow it to set the cookie. > >The script looks like this: > >[SHOWIF >[PW]=[LOOKUPdb=memberbase.db&lookInField=NAME&value=[MEMBER]&returnField=PASSWORD¬Found=none]] >[SETCOOKIE >name=musicavivalogin&value=[MEMBER][PW]&expires=[MATHDATE]({[DATE]}+2)[/MATH]&path=/&domain=www.musicaviva.com] >[/SHOWIF] > >Btw, is there a way to make the cookie expire at the end of the >session?Somehow I've never got the script to work without spcifying >anexpiration date. > >Frank Nordberg >http://www.musicaviva.com -- Terry Wilson | terry@terryfic.com | http://terryfic.com http://WhosComing.com - a simplified, affordable online reservation system http://TightPods.com -- stylish protection for your laptop -------------------------------------------------------------------------- Attitude is the only difference between ordeal and adventure. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Safari cookies ( Frank Nordberg 2006)
  2. Re: Safari cookies ( Terry Wilson 2006)
  3. Safari cookies ( Frank Nordberg 2006)
Frank, The expires parameter is supposed to be formatted pretty specifically. I don't see how your expires date would work with any browser. Maybe lenient browsers are treating it as a session cookie (no expires parameter), but at least one browser (Safari?) will refuse to set a cookie if the expires is malformed, as I discovered recently with a typo. To make a cookie expire at the end of a session, set the expiration to a date in the past (you could also use the current date and time, but using a hard-coded past date is easier for me). I used to leave out the expires parameter for a session cookie, but some browsers don't like that these days. (Safari maybe? I forget which one.). Lately I have been using include files in my globals folder to insert properly formatted expires values for past date, current date, 30 minute cookie, 3 day cookie and year cookie. On a cookie setting page where I'm setting multiple cookies, I set text variables up top using the includes to make it cleaner. For instance: (the +5 offset is for US Eastern time, and the time zone is specific to me as well, to account for daylight savings time) cookietime1yr.inc : [format days_to_date %A, %d-%b-%Y][math]{[date]}+{00/00/0001}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT cookietimenow.inc: [format days_to_date %A, %d-%b-%Y][math]{[date]}[/math][/format] [math time]{[time]}+{05:00:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT cookietime30min.inc: (This one accounts for passing midnight if applicable) [format days_to_date %A, %d-%b-%Y][math]{[date]}[showif [math]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]<[math]{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math]]+{00/01/0000}[/showif][/math][/format] [math time]{[time]}+{05:30:00}[showif [date %Z]=EDT]-{01:00:00}[/showif][/math] GMT BTW, I wouldn't put the password in as the value of the cookie. This would be visible when inspecting cookies in browser preferences. On a shared computer, this poses a security risk. Once they've passed authentication and you set the cookie, the member name should be enough to know about, right? Hope this helps, Terry >Is there anything unusual I have to be aware of concerning Safari andcookies? > >I've had a member login script at one of my sites for ages. >Fairlystandard script and it seems to have worked quite well but now >it turnsout Safari doesn't allow it to set the cookie. > >The script looks like this: > >[SHOWIF >[PW]=[LOOKUPdb=memberbase.db&lookInField=NAME&value=[MEMBER]&returnField=PASSWORD¬Found=none]] >[SETCOOKIE >name=musicavivalogin&value=[MEMBER][PW]&expires=[MATHDATE]({[date]}+2)[/MATH]&path=/&domain=www.musicaviva.com] >[/SHOWIF] > >Btw, is there a way to make the cookie expire at the end of the >session?Somehow I've never got the script to work without spcifying >anexpiration date. > >Frank Nordberg >http://www.musicaviva.com -- Terry Wilson | terry@terryfic.com | http://terryfic.com http://WhosComing.com - a simplified, affordable online reservation system http://TightPods.com -- stylish protection for your laptop -------------------------------------------------------------------------- Attitude is the only difference between ordeal and adventure. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Terry Wilson

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

HTML encoding in URLs (1997) problems with 2 tags (1997) ConvertCharacters (2000) Cookies and webcat (1997) Question (1997) Looking for a Manual (1997) Autonumber in Table (2006) Browser Problem?!? Still getting Error message usingPOST! (1997) 2.0 Info (1997) WebDNA emailer details (2005) Pref settings? (1998) FAX orders (1996) Download URL & access on the fly ? (1997) Nested tags count question (1997) Storefornts (1997) my price won't move (1997) Announcing general availabilty of WebDNA 4.5 release (2002) [SearchString] usage (1997) displaying New products (using [date]) (1997) Plugin or CGI or both (1997)