Using Max-Age attribute to delete cookie #264
Conversation
According to RFC 2109 (section 4.2.2) a cookie with Max-Age=0 should be discarted immediately.
:max_age value should be a string
|
It looks like your test adjustments reduced coverage. Why didn't you add new tests instead of stealing the expires tests? |
|
According my interpretation about RFC text, expires should be used for cache-control, not for delete cookies. Given tests was in delete cookies context, I thought that makes more sense adjust tests according RFC than write new ones. |
|
Ok, I'll look into this more deeply, although I might have to leave this for post the 1.4 release, as I am uncertain how wide an effect this might have on browsers and applications without significant research. Other than RFC compliance (which I am happy to improve), is there another reason you came across this and need it? Thank you for your patches! |
|
I was working in one project that I had to remove cookies at response of a request. In my tests, when I sent the expire header, browser did not deleted cookies, so I did some research and discover that the RFC says to send header max-age=0. When I sent this header, all browsers that I had tested (i.e. Firefox, Chrome, Safari) has removed cookies properly. |
|
According to http://mrcoles.com/blog/cookies-max-age-vs-expires/ some or all versions of msie do not understand max-age. |
|
@richmeyers thanks for share this post with us. So, I will fix my pull-request, probably this weekend, to implement both headers, i.e. max-age and expires, and execute additional tests against MS-IE, FF, chrome and safari. |
|
Closing this pull request until further work is done. I don't think anyone needs this right now. Feel free to reopen if/when you do the extra work. |
RFC 2109 (section 4.2.2 Set-Cookie Syntax) says that User-Agent should discard cookie immediately if attribute Max-Age is set with 0