Using Max-Age attribute to delete cookie #264
According to RFC 2109 (section 4.2.2), a cookie with Max-Age=0 should be discarded immediately.
:max_age value should be a string
It looks like your test adjustments reduced coverage. Why didn't you add new tests instead of stealing the expires tests?
According to my interpretation of the RFC text, expires should be used for cache-control, not for deleting cookies. Given that the tests were in a delete-cookies context, I thought it made more sense to adjust the tests according to the RFC than to write new ones.
Ok, I'll look into this more deeply, although I might have to leave this for post the 1.4 release, as I am uncertain how wide an effect this might have on browsers and applications without significant research. Other than RFC compliance (which I am happy to improve), is there another reason you came across this and need it? Thank you for your patches!
I was working on a project where I had to remove cookies in the response to a request. In my tests, when I sent the expire header, the browser did not delete the cookies, so I did some research and discovered that the RFC says to send the header max-age=0. When I sent this header, all browsers that I had tested (i.e. Firefox, Chrome, Safari) removed the cookies properly.
According to http://mrcoles.com/blog/cookies-max-age-vs-expires/ some or all versions of msie do not understand max-age.
@richmeyers thanks for sharing this post with us. So, I will fix my pull request, probably this weekend, to implement both headers, i.e. max-age and expires, and execute additional tests against MS-IE, FF, Chrome and Safari.
Closing this pull request until further work is done. I don't think anyone needs this right now. Feel free to reopen if/when you do the extra work.
RFC 2109 (section 4.2.2, Set-Cookie Syntax) says that the User-Agent should discard the cookie immediately if the Max-Age attribute is set to 0.
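
The approach the thread converges on, sending both Max-Age=0 and a past Expires so that a user agent that ignores Max-Age still discards the cookie, as an added Ruby example. This is not the pull request's code; `deletion_cookie`, `parse_set_cookie` and `deletes_cookie?` are hypothetical helper names, and the name check is a deliberately conservative assumption.

```ruby
require 'time'

# Expires value for deletion: the Unix epoch, always in the past.
EPOCH = Time.at(0).utc

# Build a Set-Cookie header value asking the user agent to discard `name`.
# Path and Domain must match the values the cookie was originally set with,
# otherwise the user agent treats this as a different cookie and keeps the old one.
def deletion_cookie(name, path: nil, domain: nil)
  # Reject separators and whitespace (including CR/LF) to prevent header injection.
  [name, path, domain].compact.each do |v|
    raise ArgumentError, "unsafe value: #{v.inspect}" unless v.match?(/\A[^\s;=,]+\z/)
  end
  parts = ["#{name}="]
  parts << "Domain=#{domain}" if domain
  parts << "Path=#{path}" if path
  parts << 'Max-Age=0'                     # RFC 2109 section 4.2.2: discard immediately
  parts << "Expires=#{EPOCH.httpdate}"     # fallback for agents that ignore Max-Age
  parts.join('; ')
end

# Split a Set-Cookie value into name, value and lower-cased attribute keys.
def parse_set_cookie(header)
  pair, *attrs = header.split(/;\s*/)
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    key, val = attr.split('=', 2)
    h[key.downcase] = val
  end
  { name: name, value: value, attributes: attributes }
end

# Report which mechanism(s) in a header would cause the cookie to be discarded.
def deletes_cookie?(header, now: Time.now)
  attrs = parse_set_cookie(header)[:attributes]
  {
    max_age: attrs.key?('max-age') && attrs['max-age'].to_i <= 0,
    expires: attrs.key?('expires') && Time.httpdate(attrs['expires']) <= now
  }
end

# Constructed sample: delete a session cookie that was set with Path=/.
puts deletion_cookie('sid', path: '/') if __FILE__ == $PROGRAM_NAME
```

`deletes_cookie?` can be used in a response test to assert that a logout handler emits both mechanisms rather than only one.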