login about faq

Hi,

when I login to site with HTTP module and then logout I'm still logged in - I noticed that cookies are not updated after logout (using Chilkat 9.4.1 .NET 4.0 32 bit)

---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: memberID=33633; path=/
Set-Cookie: memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4; path=/; httponly
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

---- Sending ----
GET http://a.com/logout.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Host: a.com
Cookie: memberSession=w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4

---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Tue, 16 Apr 2013 09:47:19 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: memberID=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Set-Cookie: memberPassword=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Last-Modified: Tue, 16 Apr 2013 09:47:19 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

---- Sending ----
GET http://a.com HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Host: a.com
Cookie: memberSession=w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4

---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

asked Apr 16 '13 at 05:55

ekapek's gravatar image

ekapek
26559


link

answered Apr 16 '13 at 11:27

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

I see that the memberID and memberPassword cookies should be deleted because of these response headers:

Set-Cookie: memberID=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Set-Cookie: memberPassword=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Note: The cookies are deleted because the "expires" date is set to a date in the past (1 month ago).

(For clarification for other readers: The fact that the cookie is being set to the string "deleted" is not what triggers the client-side software to delete the cookie. The string "deleted" is not a special keyword.)

However, I don't see a response header indicating that the memberSession cookie should be deleted. In the subsequent GET request, I see that memberSession is sent (because it hasn't been deleted), but memberID and memberPassword are no longer sent. Am I incorrect in my observations?

link

answered Apr 16 '13 at 08:37

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

memberID and memberPassword are send (they ar not overwritten to "deleted" and not deleted due to past date):

---- Sending ----
GET http://a.com HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2
Host: a.com
Cookie: memberSession=W%3Dd%2CKz%26%2Fpg77WAYMD3tySz%215bZVEwhGD; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4
link

answered Apr 16 '13 at 08:41

ekapek's gravatar image

ekapek
26559

edited Apr 16 '13 at 08:46

Thanks! I missed that because of the scrolling..

(Apr 16 '13 at 08:55) chilkat ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×186

Asked: Apr 16 '13 at 05:55

Seen: 1,011 times

Last updated: Apr 16 '13 at 11:27

powered by OSQA