Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #97957 > unrolled thread

working with cookies

Back to article view | Back to comp.lang.python

Contents

  working with cookies Jeremy Leonard <jrmy.lnrd@gmail.com> - 2015-10-26 12:26 -0700
    Re: working with cookies John Gordon <gordon@panix.com> - 2015-10-26 20:16 +0000
      Re: working with cookies Jeremy Leonard <jrmy.lnrd@gmail.com> - 2015-10-26 15:57 -0700
        Re: working with cookies John Gordon <gordon@panix.com> - 2015-10-26 23:14 +0000
          Re: working with cookies Jeremy Leonard <jrmy.lnrd@gmail.com> - 2015-10-26 17:30 -0700
            Re: working with cookies John Gordon <gordon@panix.com> - 2015-10-27 01:41 +0000
              Re: working with cookies Jeremy Leonard <jrmy.lnrd@gmail.com> - 2015-10-27 05:11 -0700
                Re: working with cookies Denis McMahon <denismfmcmahon@gmail.com> - 2015-10-28 08:25 +0000
                  Re: working with cookies Jeremy Leonard <jrmy.lnrd@gmail.com> - 2015-10-28 12:31 -0700
                    Re: working with cookies John Gordon <gordon@panix.com> - 2015-10-28 19:47 +0000

#97957 — working with cookies

Hello,

I am currently working on a web based program and I'm trying to figure out how to use cookies. So far I've been able to set a cookie, by importing 'cookies' from the http library. I seem to be having a hard time figuring out how to delete a cookie though. My searches seem to take me to code that I've already tried (which doesn't seem to work). I would appreciate any pointers

[toc] | [next] | [standalone]

#97958

In <b538e4ae-2f64-46b6-ac21-f0959f7cd4a8@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:

> Hello,

> I am currently working on a web based program and I'm trying to figure out =
> how to use cookies. So far I've been able to set a cookie, by importing 'co=
> okies' from the http library. I seem to be having a hard time figuring out =
> how to delete a cookie though. My searches seem to take me to code that I'v=
> e already tried (which doesn't seem to work). I would appreciate any pointe=
> rs

1. What code did you try?
2. How do you know it doesn't work?

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon@panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

[toc] | [prev] | [next] | [standalone]

#97960

On Monday, October 26, 2015 at 4:17:18 PM UTC-4, John Gordon wrote:
> In <b538e4ae-2f64-46b6-ac21-f0959f7cd4a8@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:
> 
> > Hello,
> 
> > I am currently working on a web based program and I'm trying to figure out =
> > how to use cookies. So far I've been able to set a cookie, by importing 'co=
> > okies' from the http library. I seem to be having a hard time figuring out =
> > how to delete a cookie though. My searches seem to take me to code that I'v=
> > e already tried (which doesn't seem to work). I would appreciate any pointe=
> > rs
> 
> 1. What code did you try?
> 2. How do you know it doesn't work?
> 
> -- 
> John Gordon                   A is for Amy, who fell down the stairs
> gordon@panix.com              B is for Basil, assaulted by bears
>                                 -- Edward Gorey, "The Gashlycrumb Tinies"

To setup the cookie I use this code:

from http import cookies
from datetime import datetime, timedelta

cookie = cookies.SimpleCookie()
cookie["session"] = random.randint(0,100000000000000000)
cookie["session"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S +0000")
print(cookie.output())


To disable the cookie I've only been able to find code to the effect of:

from http import cookies
import os

cookie = cookies.SimpleCookie(os.environ["HTTP_COOKIE"])
cookie["session"]["expires"]='Thu, 01 Jan 1970 00:00:00 GMT'
cookie["expires"]='Thu, 01 Jan 1970 00:00:00 GMT'
print(cookie.output())

I seem to only be able to find variations of this code.

[toc] | [prev] | [next] | [standalone]

#97961

In <f4e741a7-f47d-457a-babb-d98d15c9aba3@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:

> To setup the cookie I use this code:

> from http import cookies
> from datetime import datetime, timedelta

> cookie = cookies.SimpleCookie()
> cookie["session"] = random.randint(0,100000000000000000)
> cookie["session"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S +0000")
> print(cookie.output())

> To disable the cookie I've only been able to find code to the effect of:

> from http import cookies
> import os

> cookie = cookies.SimpleCookie(os.environ["HTTP_COOKIE"])
> cookie["session"]["expires"]='Thu, 01 Jan 1970 00:00:00 GMT'
> cookie["expires"]='Thu, 01 Jan 1970 00:00:00 GMT'
> print(cookie.output())

> I seem to only be able to find variations of this code.

When your application responds to a client request, the response headers
include the current list of cookies.  Cookies are deleted by removing them
from this list.

Where does your application keep track of the cookies it sends to the
client?  Are you using a web framework?

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon@panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

[toc] | [prev] | [next] | [standalone]

#97962

As of yet I haven't been using a framework per say, just straight cgi. I've been learning as I go. I was going to try and do as much low level as possible and work my way up to using a framework. At some point I'll probably learn a framework, but wanted to start with the basics.

[toc] | [prev] | [next] | [standalone]

#97963

In <f55b1ed4-7dcf-47e9-906b-085d72b98f92@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:

> As of yet I haven't been using a framework per say, just straight cgi.
> I've been learning as I go. I was going to try and do as much low level
> as possible and work my way up to using a framework. At some point I'll
> probably learn a framework, but wanted to start with the basics.

If you're doing straight CGI yourself, then you must be handling the
cookies yourself also.  There must be someplace in your application
where you store the collection of cookies to be included in the response.
If you want to clear a cookie, just remove it from the collection.

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon@panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

[toc] | [prev] | [next] | [standalone]

#97969

On Monday, October 26, 2015 at 9:41:45 PM UTC-4, John Gordon wrote:
> In <f55b1ed4-7dcf-47e9-906b-085d72b98f92@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:
> 
> > As of yet I haven't been using a framework per say, just straight cgi.
> > I've been learning as I go. I was going to try and do as much low level
> > as possible and work my way up to using a framework. At some point I'll
> > probably learn a framework, but wanted to start with the basics.
> 
> If you're doing straight CGI yourself, then you must be handling the
> cookies yourself also.  There must be someplace in your application
> where you store the collection of cookies to be included in the response.
> If you want to clear a cookie, just remove it from the collection.
> 
> -- 
> John Gordon                   A is for Amy, who fell down the stairs
> gordon@panix.com              B is for Basil, assaulted by bears
>                                 -- Edward Gorey, "The Gashlycrumb Tinies"

I haven't learned how to do that yet. I see in the documentation for Python that there is a Cookie Jar class, but that seems to be more on the client side (unless I am reading it incorrectly). I'm looking for help in learning how to do that.

[toc] | [prev] | [next] | [standalone]

#97975

On Tue, 27 Oct 2015 05:11:01 -0700, Jeremy Leonard wrote:

> I haven't learned how to do that yet. I see in the documentation for
> Python that there is a Cookie Jar class, but that seems to be more on
> the client side (unless I am reading it incorrectly). I'm looking for
> help in learning how to do that.

Note that controlling what browsers do with cookies isn't always simple 
or easy.

In theory, if you don't set an explicit expiry on a cookie the browser 
should forget it when the browser closes. In other cases, the browser 
should delete the cookie when the expiry time passes.

However, my experience has taught me that stale cookies may get 
presented, and browsers may forget about cookies you think shouldn't have 
expired.

At the end of the day, a cookie is a fragment of data that you are 
placing in the control of your website visitors, never forget that. 
Rather than storing server side data in the cookie, use the cookie as a 
key to the server side data (ie as a session identifier), and generate 
the cookie value in a way that makes session hijacking by manipulating 
the cookie value difficult (your cookie value range needs a few more 
orders of magnitude than your maximum simultaneous user sessions value).

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]

#97985

On Wednesday, October 28, 2015 at 4:27:36 AM UTC-4, Denis McMahon wrote:
> On Tue, 27 Oct 2015 05:11:01 -0700, Jeremy Leonard wrote:
> 
> > I haven't learned how to do that yet. I see in the documentation for
> > Python that there is a Cookie Jar class, but that seems to be more on
> > the client side (unless I am reading it incorrectly). I'm looking for
> > help in learning how to do that.
> 
> Note that controlling what browsers do with cookies isn't always simple 
> or easy.
> 
> In theory, if you don't set an explicit expiry on a cookie the browser 
> should forget it when the browser closes. In other cases, the browser 
> should delete the cookie when the expiry time passes.
> 
> However, my experience has taught me that stale cookies may get 
> presented, and browsers may forget about cookies you think shouldn't have 
> expired.
> 
> At the end of the day, a cookie is a fragment of data that you are 
> placing in the control of your website visitors, never forget that. 
> Rather than storing server side data in the cookie, use the cookie as a 
> key to the server side data (ie as a session identifier), and generate 
> the cookie value in a way that makes session hijacking by manipulating 
> the cookie value difficult (your cookie value range needs a few more 
> orders of magnitude than your maximum simultaneous user sessions value).
> 
> -- 
> Denis McMahon, denismfmcmahon@gmail.com

Thanks for the information. So would a framework, to deal with the cookies, typically be better then doing a hand-rolled sollution?

[toc] | [prev] | [next] | [standalone]

#97986

In <ea6ebd4d-4deb-47bf-8a78-43b49f15c575@googlegroups.com> Jeremy Leonard <jrmy.lnrd@gmail.com> writes:

> Thanks for the information. So would a framework, to deal with the
> cookies, typically be better then doing a hand-rolled sollution?

Yes.

-- 
John Gordon                   A is for Amy, who fell down the stairs
gordon@panix.com              B is for Basil, assaulted by bears
                                -- Edward Gorey, "The Gashlycrumb Tinies"

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web