Matt Barnicle
mattb at wageslavery.org
Tue Jan 22 15:08:13 EST 2008
> On Tuesday, 22 January 2008 04:00:49, Matt Barnicle wrote:
>> ok i installed the extension and captured some data.. here is what the
>> header looks like when i click the signout button:
>>
>> Set-Cookie: user_name=matt; expires=Mon, 22-Jan-2007 01:54:01 GMT
>>
>> then when i go back to the home page, my code reads the cookies to see if
>> the cookie called 'user_name' exists, and if so, logs me in and resets the
>> cookies:
>>
>> if cookies.has_key('user_name'):
>>     cookie = Cookie.Cookie('user_name', user_name)
>>     cookie.expires = time.time() + 31536000
>>     Cookie.add_cookie(self.req, cookie)
>
> 1. Seems you are moving the cookie's expiration date one year forward, not
> back; you are making an addition. Your problem might be this simple.

sorry for the confusion, what i was doing in this instance was after the user successfully logs in, this is the code in which i set the user name in their cookies to begin with, before they log out later on and i try to expire it..

> 2. Firefox has an option for keeping cookies until they expire or until
> Firefox is closed. Check with other browsers, too.

ah, good point.. i double checked and my settings are ok..

> 3. Keeping login information by just checking for the username is not a
> good approach. It is pretty easy to 'play' with the cookies. You must have
> at least one other cookie for this (but not the password of course).

correct.. i was just trying to get it to work for the time being and then expand from that. what i've done now that i've got it working is to create a unique one way hash id for each user based on a few things, some of them being random, and store that in the cookies and the user table... so when they first arrive to the site and have no session information, i check for user name + unique hash id and match that to the user table.. is there more i could do? if u have a recommendation or a page that discusses this in greater length i would be very keen to know about it.

thanks! - m@
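
An added example, not part of the original message or the poster's code: one way to harden the "user name + unique id" cookie scheme discussed above, using a fully random token whose hash alone is stored server-side, rotated on every use and invalidated on logout. The `users` dict standing in for the user table, the cookie name `login`, the function names and the 30-day lifetime are assumptions.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

LIFETIME = 30 * 24 * 3600  # assumed token lifetime: 30 days, in seconds

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue(users, user_name, now=None):
    """Create a random token; keep only its hash in the user record."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # CSPRNG, not derived from user data
    users[user_name]["token_hash"] = _digest(token)
    users[user_name]["token_expires"] = now + LIFETIME
    return f"{user_name}:{token}"  # value to place in the cookie

def verify_and_rotate(users, cookie_value, now=None):
    """Return (user_name, new_cookie_value), or None if the cookie is invalid.

    A token is accepted once; a replayed (stolen or stale) copy then fails.
    """
    now = time.time() if now is None else now
    user_name, sep, token = cookie_value.rpartition(":")
    rec = users.get(user_name)
    if not sep or rec is None or not rec.get("token_hash"):
        return None
    # Constant-time comparison of the stored hash with the presented token's hash
    if not hmac.compare_digest(rec["token_hash"], _digest(token)):
        return None
    if now > rec["token_expires"]:
        return None
    return user_name, issue(users, user_name, now)

def logout(users, user_name):
    """Invalidate the token server-side, then ask the browser to drop the cookie."""
    users[user_name]["token_hash"] = None
    c = SimpleCookie()
    c["login"] = "deleted"
    c["login"]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"  # date in the past
    c["login"]["max-age"] = 0
    c["login"]["path"] = "/"
    c["login"]["httponly"] = True
    return c["login"].OutputString()  # value for a Set-Cookie header
```

Clearing the stored hash on logout means the old cookie is rejected even if the browser ignores the expiry and sends it again.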