How do you delete a cookie in rails that was set with a wild card domain:
cookies[:foo] = {:value => 'bar', :domain => '.acme.com'}
When, following the docs, you do:
cookies.delete :foo
the logs say
Cookie set: foo=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Notice that the domain is missing (it seems to use the default params for everything). Respecting the RFC, of course the cookie's still there, Browser -> ctrl/cmd-L ->
javascript:alert(document.cookie);
VoilĂ !
Q: What's the "correct" way to delete such a cookie?
From stackoverflow
Purfideas
-
Pass the :domain on delete as well. Here's the source of that method:
# Removes the cookie on the client machine by setting the value to an empty string # and setting its expiration date into the past. Like []=, you can pass in an options # hash to delete cookies with extra data such as a +path+. def delete(name, options = {}) options.stringify_keys! set_cookie(options.merge("name" => name.to_s, "value" => "", "expires" => Time.at(0))) endAs you can see, it just sets a cookie with the name you gave, set to expire in 1969, and with no contents. But it does merge in any other options you give, so you can do:
cookies.delete :foo, :domain => '.acme.com'And you're set.
From Jordi Bunster
0 comments:
Post a Comment