Cookies And AJAX

Discussion in 'Javascript' started by pbd22, Jun 20, 2007.

  1. pbd22

    pbd22 Guest

    Hi.

    I am having a hard time figuring this one out...

    I have a sign in page. in my sign in logic, the successful
    login uses forms authentication and assigns an HttpCookie
    for the site-wide "user id" (ie. "Welcome BillG ! ").

    when the user clicks on "signout" from any given page,
    an XMLHttp call queries a server script (VB.NET) which
    1) signs out the user if he is authenticated and
    2) expires the cookie (DateTime.Now.AddYears(-1) ) for "user id".

    my problem is that when the request is returned to the
    client, it seems to have no effect on the status of the cookie. It
    still reads "user id = BillG" when i do javascript:document.cookie.

    Is it possible that my server code:

    Response.Cookies.Add(cookie)

    got complicated with the AJAX call? How do I "immediately" destroy the
    cookie so the user is both unauthenticated AND his
    user id is removed.

    I hope I have explained myself clearly. Thanks for your replies.

    Peter
    pbd22, Jun 20, 2007
    #1
    1. Advertising

  2. pbd22 wrote:

    > when the user clicks on "signout" from any given page,
    > an XMLHttp call queries a server script (VB.NET) which
    > 1) signs out the user if he is authenticated and
    > 2) expires the cookie (DateTime.Now.AddYears(-1) ) for "user id".
    >
    > How do I "immediately" destroy the
    > cookie so the user is both unauthenticated AND his
    > user id is removed.


    Use javascript to delete cookie immediately:
    document.cookie="NAME=;expires="+(new Date(99999).toGMTString())
    scripts.contact, Jun 20, 2007
    #2
    1. Advertising

  3. pbd22

    Darko Guest

    On Jun 20, 6:12 pm, "scripts.contact" <>
    wrote:
    > pbd22 wrote:
    > > when the user clicks on "signout" from any given page,
    > > an XMLHttp call queries a server script (VB.NET) which
    > > 1) signs out the user if he is authenticated and
    > > 2) expires the cookie (DateTime.Now.AddYears(-1) ) for "user id".

    >
    > > How do I "immediately" destroy the
    > > cookie so the user is both unauthenticated AND his
    > > user id is removed.

    >
    > Use javascript to delete cookie immediately:
    > document.cookie="NAME=;expires="+(new Date(99999).toGMTString())


    You need to understand what "cookie" is to resolve this. A cookie is
    simply a line of text in the http-response. If you get that text in an
    ajax response (a response to the ajax request) than that won't affect
    the cookies on the client's system. To my knowledge, only if you
    navigate to a page that contains cookie definitions will affect the
    client's cookies, not the ones sent in the ajax response. So, the
    trouble is you would either need to parse the ajax response, or think
    of something else. Like scripts.contact said, the easiest way to do
    this is to ignore the response from the server in that case, and set
    the cookie manually in the same javascript chunk of code.
    Darko, Jun 20, 2007
    #3
  4. pbd22

    pbd22 Guest

    On Jun 20, 9:22 am, Darko <> wrote:
    > On Jun 20, 6:12 pm, "scripts.contact" <>
    > wrote:
    >
    > > pbd22 wrote:
    > > > when the user clicks on "signout" from any given page,
    > > > an XMLHttp call queries a server script (VB.NET) which
    > > > 1) signs out the user if he is authenticated and
    > > > 2) expires the cookie (DateTime.Now.AddYears(-1) ) for "user id".

    >
    > > > How do I "immediately" destroy the
    > > > cookie so the user is both unauthenticated AND his
    > > > user id is removed.

    >
    > > Use javascript to delete cookie immediately:
    > > document.cookie="NAME=;expires="+(new Date(99999).toGMTString())

    >
    > You need to understand what "cookie" is to resolve this. A cookie is
    > simply a line of text in the http-response. If you get that text in an
    > ajax response (a response to the ajax request) than that won't affect
    > the cookies on the client's system. To my knowledge, only if you
    > navigate to a page that contains cookie definitions will affect the
    > client's cookies, not the ones sent in the ajax response. So, the
    > trouble is you would either need to parse the ajax response, or think
    > of something else. Like scripts.contact said, the easiest way to do
    > this is to ignore the response from the server in that case, and set
    > the cookie manually in the same javascript chunk of code.



    Hi.

    Thanks for your replies.
    Client Side Cookies seem to be the answer but I can't seem to
    get rid of the "loged-in" cookie. The current result is two
    cookies with the same key: user id = BillG and user id = guest

    I am using the below functions on sign-out:

    function del_cookie(name) {
    document.cookie = name +'=; expires=Thu, 01-Jan-70 00:00:01
    GMT;';
    }

    function write_cookie (name, value, path)
    {
    // Build the expiration date string:
    var expiration_date = new Date ();
    expiration_date.setYear (expiration_date.getYear () + 1);
    expiration_date = expiration_date.toGMTString ();

    // Build the set-cookie string:
    var cookie_string = escape (name) + "=" + escape (value) + ";
    expires=" + expiration_date;
    if (path != null)
    cookie_string += "; path=" + path;

    // Create/update the cookie:
    document.cookie = cookie_string;
    }

    called as such:

    del_cookie("user id");
    write_cookie("user id", "guest", "/");

    THIS DOESNT WORK :(
    pbd22, Jun 20, 2007
    #4
  5. pbd22

    pbd22 Guest

    On Jun 20, 1:14 pm, pbd22 <> wrote:
    > On Jun 20, 9:22 am, Darko <> wrote:
    >
    >
    >
    > > On Jun 20, 6:12 pm, "scripts.contact" <>
    > > wrote:

    >
    > > > pbd22 wrote:
    > > > > when the user clicks on "signout" from any given page,
    > > > > an XMLHttp call queries a server script (VB.NET) which
    > > > > 1) signs out the user if he is authenticated and
    > > > > 2) expires the cookie (DateTime.Now.AddYears(-1) ) for "user id".

    >
    > > > > How do I "immediately" destroy the
    > > > > cookie so the user is both unauthenticated AND his
    > > > > user id is removed.

    >
    > > > Use javascript to delete cookie immediately:
    > > > document.cookie="NAME=;expires="+(new Date(99999).toGMTString())

    >
    > > You need to understand what "cookie" is to resolve this. A cookie is
    > > simply a line of text in the http-response. If you get that text in an
    > > ajax response (a response to the ajax request) than that won't affect
    > > the cookies on the client's system. To my knowledge, only if you
    > > navigate to a page that contains cookie definitions will affect the
    > > client's cookies, not the ones sent in the ajax response. So, the
    > > trouble is you would either need to parse the ajax response, or think
    > > of something else. Like scripts.contact said, the easiest way to do
    > > this is to ignore the response from the server in that case, and set
    > > the cookie manually in the same javascript chunk of code.

    >
    > Hi.
    >
    > Thanks for your replies.
    > Client Side Cookies seem to be the answer but I can't seem to
    > get rid of the "loged-in" cookie. The current result is two
    > cookies with the same key: user id = BillG and user id = guest
    >
    > I am using the below functions on sign-out:
    >
    > function del_cookie(name) {
    > document.cookie = name +'=; expires=Thu, 01-Jan-70 00:00:01
    > GMT;';
    > }
    >
    > function write_cookie (name, value, path)
    > {
    > // Build the expiration date string:
    > var expiration_date = new Date ();
    > expiration_date.setYear (expiration_date.getYear () + 1);
    > expiration_date = expiration_date.toGMTString ();
    >
    > // Build the set-cookie string:
    > var cookie_string = escape (name) + "=" + escape (value) + ";
    > expires=" + expiration_date;
    > if (path != null)
    > cookie_string += "; path=" + path;
    >
    > // Create/update the cookie:
    > document.cookie = cookie_string;
    > }
    >
    > called as such:
    >
    > del_cookie("user id");
    > write_cookie("user id", "guest", "/");
    >
    > THIS DOESNT WORK :(


    Hi. I found the Answer. It is cut and paste below:


    FIXED!

    It seems that the cookie string used in JavaScript to delete it must
    match
    EXACTLY the cookie string sent by ASP.NET to save it:

    as ASP.NET sends:
    login=myloginvalue; expires=gmtdate; path=/

    You have to write the following JavaScript to delete the cookie:

    var expires = new Date();
    expires.setUTCFullYear(expires.getUTCFullYear() - 1);
    document.cookie = 'login=; expires=' + expires.toUTCString() + ';
    path=/';

    It works both on IE and Mozilla!

    Henri
    pbd22, Jun 20, 2007
    #5
  6. In comp.lang.javascript message <
    legroups.com>, Wed, 20 Jun 2007 09:12:18, scripts.contact
    <> posted:
    >
    >Use javascript to delete cookie immediately:
    >document.cookie="NAME=;expires="+(new Date(99999).toGMTString())


    Why 99999 rather than 0 ? But
    document.cookie="NAME=;expires=Thu, 1 Jan 1970 00:01:39 UTC"

    is shorter.

    Probably, one does not need the "Thu, ", the " UTC", and maybe not even
    the " hh:mm:ss".

    --
    (c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6.
    Web <URL:http://www.merlyn.demon.co.uk/> - w. FAQish topics, links, acronyms
    PAS EXE etc : <URL:http://www.merlyn.demon.co.uk/programs/> - see 00index.htm
    Dates - miscdate.htm moredate.htm js-dates.htm pas-time.htm critdate.htm etc.
    Dr J R Stockton, Jun 21, 2007
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex Nitulescu

    Response.Cookies vs Request.Cookies

    Alex Nitulescu, Feb 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    8,451
    Hans Kesting
    Feb 3, 2005
  2. Andy Fish
    Replies:
    3
    Views:
    6,501
    Fredrik Lindner
    Nov 6, 2003
  3. minnie
    Replies:
    1
    Views:
    669
    Andrew Thompson
    Dec 13, 2006
  4. archana
    Replies:
    1
    Views:
    498
  5. _Who
    Replies:
    7
    Views:
    2,629
Loading...

Share This Page