Say I wrote an ajax script to send out HTTP requests via ajax. Any
cookies that I have associated with that site will be sent along with
this HTTP request. Is there a way to prevent this from happening? I
tried the following to no avail:
http.setRequest Header('Cookie' ,''); 13 13888
yawnmoth wrote: Say I wrote an ajax script to send out HTTP requests via ajax. Any cookies that I have associated with that site will be sent along with this HTTP request. Is there a way to prevent this from happening? I tried the following to no avail:
http.setRequest Header('Cookie' ,'');
var tmp = document.cookie ;
document.cookie = '';
sendRequest();
document.cookie = tmp;
( ? )
VK wrote: yawnmoth wrote: Say I wrote an ajax script to send out HTTP requests via ajax. Any cookies that I have associated with that site will be sent along with this HTTP request. Is there a way to prevent this from happening?
I don't think so. Why would that be necessary anyway?
I tried the following to no avail:
http.setRequest Header('Cookie' ,'');
This cannot work because the Cookie header value must not be empty.
See RFC2965, 3.3.4.
var tmp = document.cookie ; document.cookie = ''; sendRequest(); document.cookie = tmp;
( ? )
Definitely not. As can be proven easily, assigning the empty string to
document.cookie does not delete all cookies for this resource.
It merely adds a new session cookie with empty name and value for the
current domain and path -- although that particular behavior may be
UA-dependent (I tested with Firefox 1.5.0.1/Linux).
Tests with that UA also indicate that since it is not possible to determine
what the domain and path components were when a cookie was set, it is not
possible to delete it reliably using the value of document.cookie s only as
it is not possible to delete a cookie when domain and path component do not
match (implicitly).
PointedEars
Thomas 'PointedEars' Lahn wrote: VK wrote:
yawnmoth wrote: Say I wrote an ajax script to send out HTTP requests via ajax. Any cookies that I have associated with that site will be sent along with this HTTP request. Is there a way to prevent this from happening? I don't think so. Why would that be necessary anyway? I tried the following to no avail:
http.setRequest Header('Cookie' ,'');
This cannot work because the Cookie header value must not be empty. See RFC2965, 3.3.4.
var tmp = document.cookie ; document.cookie = ''; sendRequest(); document.cookie = tmp;
( ? )
Definitely not. As can be proven easily, assigning the empty string to document.cookie does not delete all cookies for this resource.
Right. I forgot (it was a while I played with cookies client-side) that
cookie property works like an electric diod: it has different
"resistance " depending on what side of expression it is used.
On the right side it has "zero resistance" so by saying:
var foo = document.cookie ;
you are grabbing all cookies with all attributes available for the
given document.
On the left side it has "high resistance" so you can address only one
cookie at time, so by saying:
document.cookie = foo;
document.cookie = bar;
you are not overriding foo by bar, but setting two separate cookies
(foo and bar).
So the proposed algorithm, if it's indeed the only way (I don't know
and actually I hope not) must be adjusted into a much more complicated
way:
1) grab all cookies by
var foo = document.cookie ;
2) Parse cookie string "foo", extract each separate cookie and make it
expired (or override it with empty string):
document.cookie = cookie1;
document.cookie = cookie2;
etc.
3) Send request.
4) Restore all cookies back using the same algorithm as on step 2.
For one of these "update every 10ms" :-) ajaxoids this approach is very
questionnable to work. For a single or rare requests it is doable:
again if there is nothing better than that.
VK wrote: Thomas 'PointedEars' Lahn wrote: VK wrote: > yawnmoth wrote: >> Say I wrote an ajax script to send out HTTP requests via ajax. Any >> cookies that I have associated with that site will be sent along with >> this HTTP request. Is there a way to prevent this from happening? [...] > var tmp = document.cookie ; > document.cookie = ''; > sendRequest(); > document.cookie = tmp; > > ( ? ) Definitely not. As can be proven easily, assigning the empty string to document.cookie does not delete all cookies for this resource.
[...] So the proposed algorithm, if it's indeed the only way (I don't know and actually I hope not) must be adjusted into a much more complicated way:
1) grab all cookies by var foo = document.cookie ;
2) Parse cookie string "foo", extract each separate cookie and make it expired (or override it with empty string): document.cookie = cookie1; document.cookie = cookie2; etc.
As I said, step 2 is not possible. Once in a while you should read what
you reply to.
PointedEars
Thomas 'PointedEars' Lahn wrote: 2) Parse cookie string "foo", extract each separate cookie and make it expired (or override it with empty string): document.cookie = cookie1; document.cookie = cookie2; etc.
As I said, step 2 is not possible. Once in a while you should read what you reply to.
What do you mean "impossible "? How do you think all JavaScript cookie
management systems work?
Read some manual like
<http://www.netspade.co m/articles/2005/11/16/javascript-cookies/>
VK wrote: Thomas 'PointedEars' Lahn wrote: > 2) Parse cookie string "foo", extract each separate cookie > and make it expired (or override it with empty string): > document.cookie = cookie1; > document.cookie = cookie2; > etc. As I said, step 2 is not possible. Once in a while you should read what you reply to.
What do you mean "impossible "?
Impossible as in "not possible".
How do you think all JavaScript cookie management systems work?
I do not know. Why do you think that is relevant? The reference
implementation does not support it already.
Read some manual like <http://www.netspade.co m/articles/2005/11/16/javascript-cookies/>
Read the comments for the deleteCookie() method there, then see my
signature. Did I mention that you should read what you reply to?
PointedEars
--
Learn to think clearly.
Learn to distinguish: What is, and what seems to be.
-- Surak
On 14/02/2006 19:00, VK wrote: Thomas 'PointedEars' Lahn wrote:
VK wrote:
2) Parse cookie string "foo", extract each separate cookie and make it expired [...] As I said, step 2 is not possible. Once in a while you should read what you reply to.
What do you mean "impossible "?
Not possible.
How do you think all JavaScript cookie management systems work?
Thomas clearly has a greater understanding than you do, but that is
hardly a surprise, is it?
When a cookie is created, it is possible to specify path and domain
parameters to explicitly define the scope of that cookie. In order to
modify a particular cookie, this extra information needs to be resupplied.
Example:
Set-Cookie: name=value; expires=Tue, 14-Feb-2005 20:00:00 GMT;
path=/foo
Expected:
Cookie: name=value
Actual:
Cookie: name=value
Your suggestion:
Set-Cookie: name=value; expires=Thu, 01-Jan-1970 00:00:00 GMT
You expect:
<no Cookie header>
Actual:
Cookie: name=value
The two cookies do not match. The second Set-Cookie header (or
document.cookie property equivalent) effectively creates a second cookie
that has already expired.
If user agents implemented RFC 2965 (and I know of none that do), this
necessary information would be supplied in the Cookie request header,
along with the cookie values, and it could indeed be parsed out and used
for deletion.
Read some manual
Pot. Kettle. Black.
like <http://www.netspade.co m/articles/2005/11/16/javascript-cookies/>
That isn't a manual, and it doesn't support your assertions (quite the
opposite, in fact).
Mike
--
Michael Winter
Prefix subject with [News] before replying by e-mail.
Michael Winter wrote: On 14/02/2006 19:00, VK wrote:
Thomas 'PointedEars' Lahn wrote:
VK wrote:
2) Parse cookie string "foo", extract each separate cookie and make it expired [...]
As I said, step 2 is not possible. Once in a while you should read what you reply to. What do you mean "impossible "?
Not possible.
How do you think all JavaScript cookie management systems work?
Thomas clearly has a greater understanding than you do, but that is hardly a surprise, is it?
Not really - specially as I'm getting more and more hard to be
surprised recently :-)
Thomas doesn't have better understanding, but he's already getting what
attitude (atop of his regular one :-) which may infect you if stay
regularly on clj.
Namely when someone is asking "I have situation A there I would like to
accomplish the action X" one doesn't think about the practical answer
first:- but she thinks first of situations B, C, ...Z where the action
X may fail or not possible or not blessed etc. That's should be the
secondary thinking one is welcome to place at the postscriptum of the
solution. And if you have no solution, then do not post at all (a
letter consisting of a postscriptum only is a rather strange thing).
It's all IMHighlyHO and off-topic.
Now reading OP's original question once over: "Any cookies that I have
associated with that site will be sent along with this HTTP request".
*I have associated*
From my (possibly wrong) reading of this sentence I concluded that OP
knows what cookies, for what domain and what path did he set.
name/domain/path exact match was implemented for exactly the opposite
situation: when someone wants to destroy cookie set by someone else.
Again it might be my mistake but I did not read this situation out of
the post.
VK wrote: <snip>From my (possibly wrong) reading of this sentence I concluded that OP knows what cookies, for what domain and what path did he set.
That is indeed the case. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Steve Edwards |
last post by:
I maintain a site for an athletic club, and on it I have a form that people
can submit that requests a free guest pass. The form contents are sent to
an address at the club, and then the club contacts the person to make an
appointment. The club would like to start logging the requests and then get
weekly updates sent to them via e-mail of all the guest pass requests
submitted. Logging the requests and creating the e-mail with all the...
|
by: Michael Foord |
last post by:
#!/usr/bin/python -u
# 15-09-04
# v1.0.0
# auth_example.py
# A simple script manually demonstrating basic authentication.
# Copyright Michael Foord
# Free to use, modify and relicense.
# No warranty express or implied for the accuracy, fitness to purpose
|
by: fochie |
last post by:
Greetings,
I'm trying to send data to my server using xmlhttp POST. The data being
sent is actually an HTML page that is built with javascript in the
browser. The HTML code contains a small javascript function in the
<HEAD> section. I applied encodeURIComponent to the data prior to
sending it but anything between the <script> </script> tags does not
get sent. The tramsmitted data is cought by a Perl script on the
server, it handles the...
|
by: Michael Evanchik |
last post by:
Hello all, since i wanted to use ssl and its seems easy to do so with this
object. Im trying to login to a webserver (aol) for this example. But for
some reason, im packet sniffing with ethreal and cookies are not being sent
along with the header and post data. here is the code im using. Can anyone
please tell me why this is happening? I do not want to go back to using VB6
and the inet control!!!
If you notice in my class below, i...
|
by: Andres |
last post by:
I am creating a web request (HttpWebRequest) from a web
page in order to retrieve the Html from another page and
embed it in the calling page. When you create a
HttpWebRequest the request is created empty, so I need to
populate its headers in order to send cookies for
authentication purposes.
This is the code fragment:
....
| |
by: junOnline |
last post by:
Hi, I am developing an asp.net 2.0 application using visual studio 2005 on my
computer and I am getting very inconsistent results when I test on my
computer versus from other computers.
The symptom of the problem is that the web server does not receive cookie
information from the browser after I have properly logged in to the web
server. Without this information, my session state keeps on getting lost and
the authentication logic sends...
|
by: yawnmoth |
last post by:
Is it possible to send http requests with curl but not have curl wait
for the response?
The reason I ask is because I'd like to code a web app that can sorta
start time consuming processes without the user having to wait. I'm
doing this (with fsockopen) by sending an http request to a page that
does the time consuming stuff and then immediatly closing, without
having read any of the response. This way, I don't have to wait for
the...
|
by: barrybevel |
last post by:
Hi,
I have a very small simple program below which does the following:
1) post a username & password to a website - THIS WORKS
2) follow a link - THIS WORKS
3) update values of 2 fields and post the form - ERROR!
This works fine using firefox even with javascript turned off.
But when using Perl (v5.8.8 on FC5) I get a page back stating an error has occured:
"We're sorry, an error has occurred. Please review the error below
There has...
|
by: ofiras |
last post by:
Hello everyone,
How can I sand a post to a web page?
I want that when the page is trying to fetch a post variable, it will
be something the program defined first.
Please help,
Ofir.
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |