Question:
Hi,
When I log in to a site with the HTTP module and then log out, I'm still logged in. I noticed that cookies are not updated after logout (using Chilkat 9.4.1 .NET 4.0 32 bit).
---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: memberID=33633; path=/
Set-Cookie: memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4; path=/; httponly
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
---- Sending ----
GET http://a.com/logout.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Host: a.com
Cookie: memberSession=w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4
---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Tue, 16 Apr 2013 09:47:19 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: memberID=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Set-Cookie: memberPassword=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Last-Modified: Tue, 16 Apr 2013 09:47:19 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
---- Sending ----
GET http://a.com HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
Host: a.com
Cookie: memberSession=w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4
---- Received ----
HTTP/1.1 200 OK
Date: Tue, 16 Apr 2013 09:47:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Here's a v9.4.1 pre-release with the fix:
32-bit: http://www.chilkatsoft.com/preRelease/ChilkatDotNet4.zip
64-bit: http://www.chilkatsoft.com/preRelease/ChilkatDotNet4_x64.zip
I see that the memberID and memberPassword cookies should be deleted because of these response headers:
Set-Cookie: memberID=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Set-Cookie: memberPassword=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/
Note: The cookies are deleted because the "expires" date is set to a date in the past (1 month ago).
(For clarification for other readers: The fact that the cookie is being set to the string "deleted" is not what triggers the client-side software to delete the cookie. The string "deleted" is not a special keyword.)
However, I don't see a response header indicating that the memberSession cookie should be deleted. In the subsequent GET request, I see that memberSession is sent (because it hasn't been deleted), but memberID and memberPassword are no longer sent. Am I incorrect in my observations?
memberID and memberPassword are sent (they are not overwritten to "deleted" and not deleted due to the past date):
---- Sending ----
GET http://a.com HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2
Host: a.com
Cookie: memberSession=W%3Dd%2CKz%26%2Fpg77WAYMD3tySz%215bZVEwhGD; memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4
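The deletion rule discussed in this thread, as an added Python example (not code from any poster and not Chilkat's implementation): a minimal cookie jar that evicts a cookie when its `expires` date is not in the future, plus a check that lists cookies a logout response expired but a later request still sends. The function names are hypothetical, the headers are copied from the trace above, and path, domain and Max-Age handling are left out.

```python
from datetime import datetime, timezone

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lowercase attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in rest)}
    return name, value, attrs

def parse_expires(text):
    """Parse the 'Mon, 16-Apr-2012 09:47:18 GMT' form used in the trace."""
    stamp = text.split(",", 1)[1].strip()
    return datetime.strptime(stamp, "%d-%b-%Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)

def apply_set_cookie(jar, header, now):
    """Store the cookie, or evict it when its expires date is not in the future."""
    name, value, attrs = parse_set_cookie(header)
    if "expires" in attrs and parse_expires(attrs["expires"]) <= now:
        jar.pop(name, None)      # the value ("deleted") plays no part
    else:
        jar[name] = value

def stale_cookies(set_cookie_headers, next_cookie_header, now):
    """Names the server expired that a later request still sends."""
    expired = {n for n, _, a in map(parse_set_cookie, set_cookie_headers)
               if "expires" in a and parse_expires(a["expires"]) <= now}
    sent = {p.partition("=")[0].strip() for p in next_cookie_header.split(";")}
    return sorted(expired & sent)

# Headers copied from the trace on this page.
NOW = datetime(2013, 4, 16, 9, 47, 18, tzinfo=timezone.utc)
LOGOUT = [
    "memberID=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/",
    "memberPassword=deleted; expires=Mon, 16-Apr-2012 09:47:18 GMT; path=/",
]
NEXT_REQUEST = ("memberSession=w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq; "
                "memberID=33633; memberPassword=8832235d753b9b816fa0748e41cbd2ac6b54fcf4")

def jar_after_logout():
    """Jar as it stood after login, with the logout response applied."""
    jar = {"memberSession": "w%21n%2CKwgcfVQ%3Dv4tj%2F7%2Ck2fSqGv%3D%2FyPeq",
           "memberID": "33633",
           "memberPassword": "8832235d753b9b816fa0748e41cbd2ac6b54fcf4"}
    for header in LOGOUT:
        apply_set_cookie(jar, header, NOW)
    return jar

if __name__ == "__main__":
    print(sorted(jar_after_logout()))
    print(stale_cookies(LOGOUT, NEXT_REQUEST, NOW))
```

Running `stale_cookies` over a captured session log is a quick regression check that an HTTP client honours logout after an upgrade.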