Re: [Cppcms-users] About exposed cookie management
Brought to you by:
artyom-beilis
Menu
▾
▴
Re: [Cppcms-users] About exposed cookie management
|
From: redred77 <red...@gm...> - 2015-12-25 00:08:12
|
Yeah, I used browser based expiration. It lost session before browser is closed. I opened a new ticket for it. http://sourceforge.net/p/cppcms/bugs/143/ Great to hear new beta release anyway! (I aknowledged this morning. Recent mail was in spam folder) Very interesting improvements. Awesome works! Happy Christmas! 2015-12-25 5:59 GMT+09:00 Artyom Beilis <art...@ya...>: > What kind of session expiration you use? fixed, renew or browser? > > See session cookie and related cookies should have same expiration time. > So when session expires > the cookie should disappear as well. > > I'm thinking that maybe you use browser session and it expires before the > browser is closed. And than > cookie is not properly deleted because session does not know what keys are > exposed there and what should > be deleted. > > It looks to me like a bug... Also from what I think it happens only with > browser based session (i.e. cookies without max-time/expires properties) > that expires before the browser is closed. > > Can you confirm and if this is right open a ticket? > > As a workaround of the issue you can use > > // test if there is no session key but cookie exists. > if(!session().is_set("test") > && > request().cookies().find("[prefix]_test")!=request().cookies().end()) > { > // remove the cookie > response().set_cookie(cppcms::http::cookie("test","",0)); > } > > > Artyom > > > > ------------------------------ > *From:* redred77 <red...@gm...> > *To:* cpp...@li... > *Sent:* Thursday, December 24, 2015 7:34 PM > *Subject:* [Cppcms-users] About exposed cookie management > > Hi > > I'm testing cppcms, and stuck with cookie management. > This is sample code I'm using. > > session().set("test", "testvalue"); > session().expose("test"); > > I could see the cookie exposed like "(prefix)_test". > Also, I could see main encrypted session cookie which contains all info. > > > It works as intended but when main session expires, things not work as I > expected. > "test" key is gone away since main session cookie was invalid anymore, but > exposed "test" cookie key was still alive and transferred between client > and server. > > > 1. Is it right behaviour? Or have I misconfigured something? > I thought that session() in cppcms guarantees the lifecycle of "main > session key" and "exposed cookie" together. > > When session key is invalid anymore, I thought cookie would be deleted too. > > I quite don't know the mechanism underlying cppcms, so I want to know if > I'm doing right. > > > > > 2. Actually, it's not a big problem because I can check "test" key from > session and invalidate from server. > Currently, I'm deleting exposed cookie key like this. > > > if (!session().is_set("test")) { > session().set("test", ""); > session().expose("test"); > } > > > When there's no valid "test" key in session, it makes that key with empty > string and expose it. > I tried many other methods, like hide(), clear(), but only this worked > when previous session already expired. > > I feel like I'm doing in inefficient way. > > > I don't know simpler api from cppcms. > Can anybody suggest better api or approach for deleting plain cookie from > cppcms? > > > > Thanks. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Cppcms-users mailing list > Cpp...@li... > https://lists.sourceforge.net/lists/listinfo/cppcms-users > > |
