Forum Discussion
ramann_75062
Nimbostratus
NimbostratusDelete cookie not work
Hi@all,
I use a encrypted cookie. In the response I check the cookie, which is manipulated
if { [HTTP::cookie exists COOID] } {
set decrypted [HTTP::cookie decrypt "COOID" "1234"]
if { ($decrypted eq "") } {
Cookie wasn't encrypted, delete it
HTTP::cookie remove "COOID"
log local0. "COOKIE_CHECK: Cookie was changed... [IP::client_addr]"
HTTP::redirect "http://redirect.to.nowhere/"
}
}
When I check the cookies in my brwoser (FF3.0) - the cookie was not removed. What do I wrong.
Please help.
THanks
bjoern
3 Replies
- dennypayne
Employee
Looks OK at first glance...I'm assuming you are calling this code in the HTTP_RESPONSE event? Do you ever see the COOKIE_CHECK message in the logs? You might try adding some more levels of logging to make sure your conditions are actually firing.
Denny 
ramann_75062yes, its in the HTTP_RESPONSE part and i see the COOKIE_CHECK message in the logs.
Deleting the cookie is possible when I don´t use a HTTP::redirect
hoolioCirrostratus
Hi bjoern,
You would need to set the cookie to expire in the redirect response. In order to do this, you'd need to use HTTP::respond instead of HTTP::redirect so you can add a Set-Cookie header. Here is an example:
HTTP::respond 302 Location "http://newhost.example.com/redirect_location.html" Set-Cookie {cookie_name=null; Path=/; Expires=Thurs, 01-Jan-1970 00:00:00 GMT;}
The path needs to be set in this response with the same path that the original cookie was set with.
I haven't tested this exact command, but I've used similar before.
Aaron
