hwg-techniques archives Dec 2001 new search results previous next

Cookies

by "John Murray" <jmnc(at)lis.net.au>

 Date:  Sat, 8 Dec 2001 19:45:32 +1100
 To:  <hwg-techniques(at)hwg.org>
  todo: View Thread, Original 
I'm playing around with cookies. I whack old expiry dates in them to get rid
of them or future dates to bring them back, as I change the scripts and then
reload into a browser.

This type of thing:
document.cookie = 'fred=AA12345ccc;' + 'expires=Mon, 13-Oct-2002 12:40:34
GMT'
alert(document.cookie)

The next thing you know I get a leading ";"in front of fred in the alert I
toss document.cookie into. You know ";fred=AA12345ccc".

I think "Where the #$^@ did that come from?" I get rid of "fred by changing
the expriy date. Now the alert box is empty.

In the end I figure I'll accept that there is a cookie consiting of space or
a ";" character as well as my "fred" cookie in the cookie collection the
browser program has tagged against the domain and path the file that is
setting the cookie is found in.

So I do this:

document.cookie = 'fred=AA12345ccc;' + 'expires=Mon, 13-Oct-2002 12:40:34
GMT'
document.cookie = ';' + 'expires=Mon, 13-Oct-1995 12:40:34 GMT'
alert(document.cookie)

And hey presto the leading ";" is gone.

I'm IE 5.5 over win98SE.

Cookies without dates are regarded as dead as far "document.cookie" being
able to bring them to you when you close the browser window, or when you
load them with a old date in a document.cookie assignment as I did above.
[When they actually get deleted from the users hard drive is a different
issue, I understand.]

Of the five things you can whack in a cookie, 4 are named pairs, and three
of those named pairs have an explicit name. For example 'expires' above is
one of those explicit names.

The interesting thing I found with my browser was that the name of the
cookie get's set by the first piece of text in your string before an "=".

That is, if you do this:

document.cookie = 'expires=Mon, 13-Oct-2002 12:40:34 GMT;' +
'fred=AA12345ccc'

A cookie 'expires=Mon, 13-Oct-2002 12:40:34 GMT' will get tagged to the
collection of cookies associated with the domain and path that set them
[without explicitly making it different].

And you get rid of it by identifying it as is again and them putting a
second "expires" at an earlier date to get rid of it:

document.cookie = 'expires=Mon, 13-Oct-2002 12:40:34 GMT;' + 'expires=Mon,
13-Oct-1999 12:40:34 GMT'

And where did that stray ";" come from talked about above? Well if you
reverse the order as in:

document.cookie = 'expires=Mon, 13-Oct-2002 12:40:34 GMT;' +
'fred=AA12345ccc'

for some reason it assumes adds that leading ";".

The bottom line - if you find a stray ";" in your cookies on a
alert(document.cookie) then run these lines in a script:

document.cookie = ';' + 'expires=Mon, 13-Oct-1995 12:40:34 GMT'
alert(document.cookie)

and see if it goes.

Thats what I think I've sussed out anyway.

[Why am I posting this? To see if anyone sees errors in my analysis worth
pointing out. And for the next guy that searches "Cookies" in the list
archives. I did and found not much. And he'll read this. And then maybe
he'll then do the same for the next bloke. And, while I don't know who that
means will wind up with the bucks in a situation where info is openly
shared, I'm willing to punt there'll be more bucks to share around]

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA