Re: sending http requests without cookies

VK wrote:

Michael Winter wrote:
On 14/02/2006 19:00, VK wrote:
Thomas 'PointedEars' Lahn wrote:
VK wrote:
2) Parse cookie string "foo", extract each separate cookie and
make it expired [...]
As I said, step 2 is not possible. Once in a while you should read
what you reply to.
What do you mean "impossible"?
Not possible.
How do you think all JavaScript cookie management systems work?
Thomas clearly has a greater understanding than you do, but that is
hardly a surprise, is it?

Not really - specially as I'm getting more and more hard to be
surprised recently :-)

Thomas doesn't have better understanding, but he's already getting what
attitude (atop of his regular one :-) which may infect you if stay
regularly on clj.
[...]

What are you babbling about again? Read it from my fingertips: It is _not
possible_ to delete all cookies that apply to a resource because either of
the cookies retrieved with document.cookies may be set for a domain of the
resource of a higher level (say a resource on bla.example.com reading the
cookie set for .example.com) or a path of a higher level (say a resource on
example.com/foo/bar/ to retrieve a cookie set for example.com/foo/) or a
combination of both. Then you have _no chance_ to set this cookie to
expire (read: to delete it) as you have no chance to retrieve that kind of
information and so you cannot set the exact domain or path component of the
string that needs to be assigned. And using the second-level domain of the
resource or the root path does not modify the corresponding cookie, so
cannot delete it.

Now reading OP's original question once over: "Any cookies that I have
associated with that site will be sent along with this HTTP request".
*I have associated*

A Web site usually consists of more than one resource.

From my (possibly wrong) reading of this sentence I concluded that OP
knows what cookies, for what domain and what path did he set.

Perhaps, perhaps not. For example, session cookies ("session" referring
to server-side sessions here, not necessarily also to client-side ones),
are often set/sent automatically by server-side applications.

name/domain/path exact match was implemented for exactly the opposite
situation: when someone wants to destroy cookie set by someone else.

Utter nonsense. It was implemented to allow cookies to be accessible
throughout a Web site, especially sub-level domains and subpaths, and
accessible in a sub-level domain (and its sub-level domains) and subpaths
but not in the domain or path of higher level.


PointedEars
.

Relevant Pages

  • Re: Suggestion for a new system call: convert file handle to a cookie for transfering file handles b
    ... > per-process resource limits, as it is possible to open a file, grab a ... > cookies are dropped more agressivly. ... > provide the opportunity for denial of service attacks. ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Re: Spyware program with low overhead?
    ... I started running Spyware Doctor and discover it's taking 54,800k - not so low on resources and it once messed up my cookies. ... Is there a recommended anti-spyware program, that is good of course, and also has a low resource drain? ...
    (alt.comp.anti-virus)
  • removal cookie issue
    ... i did a trace where we can see that the server try to expire some cookies on ... Connection: keep-alive ... Server: BigIP ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Wayyyyyyy OT: Firefox cookies
    ... In FF check Tools> Options> Privacy> Cookies section. ... windows user and therefore of limited value. ... I have to login ... sites seem to expire earlier than they should, ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Storing Cookies from C#.NET Application
    ... store all the cookies sent by the server and return them on subsequent ... between runs of the client application so that cookies don't expire ... that uses a web reference to a SOAP web service, ...
    (microsoft.public.dotnet.languages.csharp)