[mod_python] can't seem to expire a cookie value

Eric Strand estrand at isomedia.com
Tue Jan 22 00:57:15 EST 2008 

I fear that your work around might run into the same trouble with the 
paths if you are setting the login state to not-logged-in from the same 
context in which you are trying to expire you current cookie.

You might try using:

   PythonOption ApplicationPath /

or for mod_python version 3.3:

   mod_python.session.application_path /

in your Apache config.

In my experience it keeps cookies from my site at the root level without 
any path information.

--Eric




Matt Barnicle wrote:
> well now i've ditched my current effort and decided to take a different
> tact and added another cookie var to maintain login state rather than
> trying to expire user_name.  i just couldn't spend any more time on this
> thing right now i've got a lot of pressing things to take care of...  in
> my code updates i noticed the 'path' attribute..  when i sign out, the
> sign out link is /user/signout, and it looks like it was adding those
> cookie vars to the '/user' path, which i didn't understand at all
> previously..  *sigh*  so i think that is the real problem here.  i didn't
> investigate it bc like i said i had to move on and come up with another
> solution..  thanks so much for your attention and help..
> 
> - m@
> 
>> What Cookie header gets sent by the browser on the request after you
>> have tried to expire it. Ie., dump out values of req.headers_in form
>> request handler to see what is passed in.
>>
>> Graham
>>
>> On 22/01/2008, Matt Barnicle <mattb at wageslavery.org> wrote:
>>> ok i installed the extension and captured some data..  here is what the
>>> header looks like when i click the signout button:
>>>
>>> Set-Cookie: user_name=matt; expires=Mon, 22-Jan-2007 01:54:01 GMT
>>>
>>> then when i go back to the home page, my code reads the cookies to see
>>> if
>>> the cookie called 'user_name' exists, and if so, logs me in and resets
>>> the
>>> cookies:
>>>
>>> if cookies.has_key('user_name'):
>>>         cookie = Cookie.Cookie('user_name', user_name)
>>>         cookie.expires = time.time() + 31536000
>>>         Cookie.add_cookie(self.req, cookie)
>>>
>>> i thought maybe i need to check the expiry date of the cookie, so i
>>> tried
>>> that with the following code:
>>>
>>>         self.req.write(str(cookies['user_name']) + '<br>\n')
>>>         self.req.write('expires: ' + cookies['user_name'].expires +
>>> '<br>\n')
>>>
>>> but that throws the following error:
>>>
>>>         File "/usr/lib/python2.5/site-packages/mod_python/Cookie.py",
>>> line 93,
>>>         in get_expires
>>>                 return self._expires
>>>
>>>         AttributeError: _expires
>>>
>>> - m@
>>>
>>>> Have you checked what the actual cookie header returned to the browser
>>>> is and verified that what is in it is what you expect? Post the value
>>>> of the header here so we can see it.
>>>>
>>>> Use FireFox live headers extension to see value of header, or in your
>>>> mod_python code output to error log file the output of req.headers_out
>>>> or req.err_headers_out to see what it is.
>>>>
>>>> Graham
>>>>
>>>> On 22/01/2008, Matt Barnicle <mattb at wageslavery.org> wrote:
>>>>>> 21 January 2008 Monday 10:49:57 tarihinde Matt Barnicle þunlarý
>>>>> yazmýþtý:
>>>>>>> understand it, if i want to effectively remove a cookie from the
>>> UA,
>>>>> there
>>>>>>> is no way to do it, so u just have to set the expiry date to a
>>> time
>>>>> in the
>>>>>>> past, right?  but any efforts i make seem to fail.  here is the
>>> code:
>>>>>>> cookie = Cookie.Cookie('user_name', cookies['user_name'].value)
>>>>> cookie.expires = int(time.time()) - 31536000 # minus 1 year from now
>>>>> Cookie.add_cookie(self.req, cookie)
>>>>>> Might be a problem of using int(), examples in the mod_python
>>>>>> documentation don't use int():
>>>>>>
>>>>>> http://www.modpython.org/live/current/doc-html/pyapi-cookie-example.html
>>>>> i first tried it exactly like in the docs, then i tried int bc i know
>>>>> the
>>>>> official way to do it is to use int seconds since GMT...  i also
>>> tried
>>>>> splitting time.time() on the period, and taking the int value of the
>>>>> first
>>>>> bit.  anyways it works ok when i log in then i check my cookies using
>>>>> firefox web developer toolbar, it just doesn't seem to want to expire
>>>>> the
>>>>> cookie when i use this method..
>>>>>
>>>>> - m@
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mod_python mailing list
>>>>> Mod_python at modpython.org
>>>>> http://mailman.modpython.org/mailman/listinfo/mod_python
>>>>>
>>>
>>>
> 
> 
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>

More information about the Mod_python mailing list