473,379 Members | 2,784 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,379 software developers and data experts.

What does a cookie expires exactly mean?


What happens when a cookie expires? Does it mean that when the browser or
sessions ends, it doesn't get saved?

I am using Opera and looking at available cookies and I can some cookies
that have expiration dates in the past. Does this mean that they are in
memory and they are still valid cookies which sites can test for their
existance and return true. I thought if a cookie's expiration is set in the
past, it gets removed from memory and is not available anymore for the next
request.
--
John Dalberg
Jul 23 '05 #1
8 14001
John Dalberg wrote:
What happens when a cookie expires?
It is no longer sent to the origin server when a HTTP request is made.
The cookie could still persist on the client, but it won't be
transmitted so it doesn't matter if it deleted because either way, you
won't be able to access it.
Does it mean that when the browser or sessions ends, it doesn't get saved?
In the case of session cookies - those cookies sent without an expires
(Netscape version) or Max-Age (RFC version) attribute - they are never
saved and only exist for the length of the session. Cookies with an
expires date in the past, or a Max-Age value of zero (0) seconds, must
expire immediately. Any other cookie is stored and transmitted up
until the point of expiration.
I am using Opera and looking at available cookies [...]
In the preferences, or request headers sent to a site?
[...] I thought if a cookie's expiration is set in the past, it
gets removed from memory and is not available anymore for the next
request.


It shouldn't be available. However, it would really be up to the user
agent to decide when to physically delete cookies. It might be
immediately. It might be during a garbage collection cycle. It might
be when it's completely shut down. As long as it doesn't appear in
request headers, it doesn't really matter.

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #2
JRS: In article <75*****************@text.news.blueyonder.co.uk> , dated
Thu, 17 Mar 2005 17:26:27, seen in news:comp.lang.javascript, Michael
Winter <m.******@blueyonder.co.invalid> posted :

In the case of session cookies - those cookies sent without an expires
(Netscape version) or Max-Age (RFC version) attribute - they are never
saved and only exist for the length of the session. Cookies with an
expires date in the past, or a Max-Age value of zero (0) seconds, must
expire immediately. Any other cookie is stored and transmitted up
until the point of expiration.


I don't recall Max-Age being mentioned here before; ISTM that a few more
words on the subject might be useful.

--
John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Jul 23 '05 #3
Dr John Stockton wrote:

[snip]
I don't recall Max-Age being mentioned here before; ISTM that a few
more words on the subject might be useful.


There are two approaches to state management: Netscape's original
proposal[1] and that specified by RFC 2965 - HTTP State Management
Mechanism[2]. The latter has HTTP/1.1 in mind, and differs in some
regards, though I haven't made a detailed comparison.

Perhaps the most notable change in the values sent in the respective
headers is the replacement of expires with Max-Age. Rather than
sending a formatted date, one would send a (optionally quoted) decimal
number which specifies the number of seconds during which the cookie
should be considered valid. Precisely how age and freshness are
determined is specified in sections 13.2.3 - Age Calculations and
13.2.4 - Expiration Calculations of RFC 2616 - Hypertext Transfer
Protocol -- HTTP/1.1[3].

As far as Max-Age and the document.cookie property is concerned, it's
best to avoid it. I can only recall Mozilla accepting it, though
others might if sent in the HTTP response headers - I've never
honestly bothered to check. I mentioned it for completeness.

Mike
[1] <URL:http://www.netscape.com/newsref/std/cookie_spec.html>
[2] <URL:http://www.faqs.org/rfcs/rfc2965.html>
[3] <URL:http://www.faqs.org/rfcs/rfc2616.html>

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #4
JRS: In article <MV*****************@text.news.blueyonder.co.uk> , dated
Fri, 18 Mar 2005 00:03:56, seen in news:comp.lang.javascript, Michael
Winter <m.******@blueyonder.co.invalid> posted :
... As far as Max-Age and the document.cookie property is concerned, it's
best to avoid it. I can only recall Mozilla accepting it, though
others might if sent in the HTTP response headers - I've never
honestly bothered to check. I mentioned it for completeness.


Thanks - as it happens, I have those RFCs already on this HDD.

Worth knowing of, but not using until known implemented everywhere.

RFC2616 Sec 14.21 Expires has a paragraph
HTTP/1.1 clients and caches MUST treat other invalid date formats,
especially including the value "0", as in the past (i.e., "already
expired").
which seems to me to imply that those who laboriously calculate dates in
the recent past for killing cookies are wasting time - if it is
implemented generally - and could use "Expires: 0".

--
John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Jul 23 '05 #5
On 18/03/2005 20:44, Dr John Stockton wrote:

^^ I need to correct that format ^^

[snip]
Worth knowing of, but not using until known implemented everywhere.
Well, there is a clear negotiation mechanism specified in RFC 2965.
However, a quick test reveals that of Opera 7.54u1, IE6, and Firefox
1.0, only the former stores the cookie. I must say that I'm quite
surprised that Firefox failed.

Considering the age of RFC 2965, I couldn't imagine a clamour to
implement it unless moving from Proposed to a full Standard means that
much.
RFC2616 Sec 14.21 Expires has a paragraph
HTTP/1.1 clients and caches MUST treat other invalid date formats,
especially including the value "0", as in the past (i.e., "already
expired").
which seems to me to imply that those who laboriously calculate dates in
the recent past for killing cookies are wasting time - if it is
implemented generally - and could use "Expires: 0".


Opera and Firefox are having none of that, though IE is. The
attributes, followed by an equals not a colon, are all lowercase, by
the way. In any event, the Expires header refers to cache control, not
cookies and as cookies aren't officially part of the HTTP protocol, I
don't think that the rules need to apply.

As far as scripting is concerned, a date created

new Date(0)

is simple enough. However, you'd still need to manually construct the
string to comply with Netscape's

Wdy, DD-Mon-YYYY HH:MM:SS GMT

format.

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #6
JRS: In article <yw**************@text.news.blueyonder.co.uk>, dated
Sat, 19 Mar 2005 00:38:54, seen in news:comp.lang.javascript, Michael
Winter <m.******@blueyonder.co.invalid> posted :
On 18/03/2005 20:44, Dr John Stockton wrote:

^^ I need to correct that format ^^
Not sure what you intend : but to represent the actual truth, "wrote"
should be "posted", at least in my case and probably in all others. If
you can add the offset (I cannot) that would be good.

As far as scripting is concerned, a date created

new Date(0)

is simple enough.
Though, as far as I've seen here, rarely used to kill cookies.
However, you'd still need to manually construct the
string to comply with Netscape's

Wdy, DD-Mon-YYYY HH:MM:SS GMT

format.


which I believe to be the standard.

"expires=Thu, 01-Jan-1970 00:00:00 GMT"
is insignificantly longer than
"expires="+new Date(0).toGMTString()
and definitely shorter than what is commonly used. <FAQENTRY>?

+ + +

I have code for "all" sorts of Week 1 near Jan 1 week numbering, Y M D
to Y W D and now also back.

--
John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Jul 23 '05 #7
On 2005-03-19 23:55, Dr John Stockton wrote:
On 18/03/2005 20:44, Dr John Stockton wrote:

^^ I need to correct that format ^^
Not sure what you intend


To change the date format in particular. However, it doesn't seem to
be possible: the format is determined by the client. I can only choose
where to put it.
If you can add the offset (I cannot) that would be good.
Which offset would that be?

[snip]
Wdy, DD-Mon-YYYY HH:MM:SS GMT


which I believe to be the standard.


Almost, but not quite. The date fields should be space-separated. See
3.3.1 Full Date in HTTP/1.1.
"expires=Thu, 01-Jan-1970 00:00:00 GMT"
That would certainly be better...
is insignificantly longer than
"expires="+new Date(0).toGMTString()


....than that. The format returned by that method tends to vary. I'm
sure I remember UTC for the timezone abbreviation with one host, which
is strange considering the name of the method. Microsoft's
documentation also suggests a different format, where the leading
weekday and comma parts are missing. Of course, one would hope that a
user agent should be able to properly interpret any date strings it
generates itself.

[snip]

Mike

--
Michael Winter
Replace ".invalid" with ".uk" to reply by e-mail.
Jul 23 '05 #8
JRS: In article <Em***************@text.news.blueyonder.co.uk>, dated
Sun, 20 Mar 2005 01:30:12, seen in news:comp.lang.javascript, Michael
Winter <m.******@blueyonder.co.invalid> posted :
On 2005-03-19 23:55, Dr John Stockton wrote:
On 18/03/2005 20:44, Dr John Stockton wrote:

^^ I need to correct that format ^^
Not sure what you intend


To change the date format in particular. However, it doesn't seem to
be possible: the format is determined by the client. I can only choose
where to put it.
If you can add the offset (I cannot) that would be good.


Which offset would that be?


The offset from GMT. The information is in the header of the cited
article, but commonly not reproduced. Also, it's not clear whether the
attribution time is in the attributor's zone, the attributee's header's
zone, or in Proper Greenwich Time, or UTC.

I doubt whether you can do it, assuming you didn't write your newsreader
yourself.

Of course, one would hope that a
user agent should be able to properly interpret any date strings it
generates itself.


Some, such as my Web agent, take the HTTP header Last-Modified: line
which is in explicit unambiguous GMT and generate a lastModified string
without zone and which they cannot themselves read correctly (century
error). js-date2.htm.

--
John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Jul 23 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

20
by: Steven T. Hatton | last post by:
I just read this in the description of how C++ is supposed to be implemented: "All external object and function references are resolved. Library components are linked to satisfy external...
2
by: Paul T. Rong | last post by:
Sorry I just lost tracks of a series of posts, so I post my question again, hoping someone can help. Here is codes provided by Jeff Smith > Private Sub Form_Load() > Dim db As...
2
by: hsharsha | last post by:
Consider the below code: int main(void) { class inner {}; friend class inner; /* what does this signify???? */ return 0; }
39
by: utab | last post by:
Dear all, Is there a clear distinction how to decide which functions to be members of a class and which not How is your attitude (Your general way from your experiences ...) "If the...
5
by: Niu Xiao | last post by:
I saw a lot of codes like: void foo(void* arg) void bar(void** arg) f((void*)p) but what does void pointer mean in c? I just know it stands for generic pointer. thanks.
7
by: =?Utf-8?B?UGV0ZXI=?= | last post by:
Dim sCoName As String = oDs.Customers(0).CompanyName The part that I want to understand is the oDs.Customers(0). Does oDs.Customers(0) mean 1st row of the datatable Customers. Where can I find...
9
by: PengYu.UT | last post by:
Hi, I'm wondering what 'c' in "cout", "cin" mean? Does it mean "C++"? Or the 'c' in <cassert>? Thanks, Peng
4
by: dolphin | last post by:
Hi All I read a .cpp files,find that static void fun(void){......} int main() { .......... } What does this static function mean?Is it the same as the static
13
by: bobby | last post by:
hello group, what does for( ; ; ) mean in C program Thanks
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.