cookies.delete doesn't work...?

Hello -

I'm trying to have an account information and link bar at the top of the screen, i.e:

chris@example.com | My Profile | Logout

This bar should be up there even when the user is on a cached page (the app I'm working on has a lot of database-intensive screens, which luckily are well-suited to page caching). So, I set up a before filter in the application controller, like so:

before_filter :set_user_info_cookie private def set_user_info_cookie   cookies[:user_info] = { :value => current_user.email, :expires => 1.hour.from_now } if current_user   cookies.delete :user_info unless current_user end

(I'm using Authlogic for authentication)

Then I use jQuery to look for the "user_info" cookie - if it exists, it assumes the user is logged in and puts the email address and whatnot at the top of the screen. This is the only thing the cookie is used for, so security's not an issue (I don't think) and it's left in clear text.

There are two problems with my setup:

#1: "cookies.delete :user_info unless current_user" doesn't work. In fact, I can't figure out how to destroy that cookie at all. When I use the debugger, and then call cookies.delete [:user_info], I get the following array with two strings:

["user_credentials=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT", "user_info=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"]

If I look at the cookies hash after that, it looks exactly the same as it did before I tried to delete the user_info cookie. Looking at the localhost cookies in Firefox, the user_info cookie is still there.

#2: I've just set up one controller specifically to serve static pages (which will also be page cached, but I want to use rails to make sure their layout matches the rest of the site). The controller actions are empty, and the views are still very simple, but whenever I try to access one of the static pages I get the following error, stemming from my set_user_info_cookie method:

Hello -

I'm trying to have an account information and link bar at the top of the screen, i.e:

chris@example.com | My Profile | Logout

This bar should be up there even when the user is on a cached page (the app I'm working on has a lot of database-intensive screens, which luckily are well-suited to page caching). So, I set up a before filter in the application controller, like so:

before_filter :set_user_info_cookie private def set_user_info_cookie cookies[:user_info] = { :value => current_user.email, :expires => 1.hour.from_now } if current_user cookies.delete :user_info unless current_user end

(I'm using Authlogic for authentication)

Then I use jQuery to look for the "user_info" cookie - if it exists, it assumes the user is logged in and puts the email address and whatnot at the top of the screen. This is the only thing the cookie is used for, so security's not an issue (I don't think) and it's left in clear text.

There are two problems with my setup:

#1: "cookies.delete :user_info unless current_user" doesn't work. In fact, I can't figure out how to destroy that cookie at all. When I use the debugger, and then call cookies.delete [:user_info], I get the following array with two strings:

["user_credentials=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT", "user_info=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"]

If I look at the cookies hash after that, it looks exactly the same as it did before I tried to delete the user_info cookie. Looking at the localhost cookies in Firefox, the user_info cookie is still there.

My experience has been that cookies.delete empties rather than completely removes the cookie. So whenever I access a cookie that may have been deleted I check for existence and not empty.

#2: I've just set up one controller specifically to serve static pages (which will also be page cached, but I want to use rails to make sure their layout matches the rest of the site). The controller actions are empty, and the views are still very simple, but whenever I try to access one of the static pages I get the following error, stemming from my set_user_info_cookie method:

-----

You have a nil object when you didn't expect it! You might have expected an instance of ActiveRecord::Base. The error occurred while evaluating nil.

...

Things are failing on the line:

controller.cookies[cookie_key] && controller.cookies[cookie_key].split("::")

So it seems that controller.cookies is nil. I feel like this must be related to my other problem, but I don't know how.

I use just cookies[:cookie_name] to access the cookies (after checking not nil and not empty)

Colin

My experience has been that cookies.delete empties rather than completely removes the cookie. So whenever I access a cookie that may have been deleted I check for existence and not empty.

Alright, but the cookie isn't even being emptied. I can still see the value in the cookies hash, and it still shows up in Firefox.

Is there a command to completely remove the cookie? I haven't found one yet.

From previous post:

["user_credentials=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT", "user_info=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"]

user_info looks pretty empty to me.

Colin

But, like I was saying, it's actually not empty. That's my problem.

If I use "debugger" in that application controller action and start inserting my own code:

cookies => {"user_credentials"=>"5290...", "user_info"=>"chris@example.com", "_myapp_session"=>"rge..."}

cookies.delete :user_info => ["user_info=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"]

cookies => {"user_credentials"=>"5290...", "user_info"=>"chris@example.com", "_myapp_session"=>"rge..."}

cookies[:user_info] => "chris@example.com"

It's still there. And when I look at the cookies list in Firefox, it's there too.

Having deleted the cookie in the controller and shown a view, what is the value of that cookie when you get back to the controller again?

Colin

Further to this, if I remember correctly the cookies hash (or whatever it is) is actually two separate sets of data, the incoming cookies from the browser, accessed by value = cookies[:name], and the outgoing values that will be sent to the browser, set by cookies[:name] = value. This means that, non-intuitively, setting a cookie value (or deleting it) and immediately reading it back does not show the new value. It is not till it is sent to the browser and returned that the new value will be seen. OTOH after a delete the cookie should be gone or at least empty when examined in the browser. Are you sure you were not confused by the write/read issue (as I was) and maybe you are mistaken in saying that it still had a value when examined in the browser.

Colin

I have just checked some similar code in my app. I call cookies.delete :name in the controller and then redirect_to an action. When I look at the cookies in FF (Edit, Settings, Privacy, Show Cookies) then it is gone (rails 2.3.2), though I have definitely seen the situation in the past when deleting a cookie it was just emptied. This may have been on an earlier rails.

Colin