Add HTTP::Cookie#destroy
#14819
Add HTTP::Cookie#destroy
#14819
Conversation
|
Since the intent is to expire the cookie, then I'd also put an expiration date far further than 5 minutes ago (clocks can get unsynced) and use a fixed date, like the UNIX timestamp (1970-01-01 00:00:00 UTC). |
|
@ysbaddaden Hey julian! This little function is a convenience for destroying cookies (which usually means setting their expiry to some date in the past and setting their value to blank) I just thought others might want a convenient function to destroy cookies. Although as you pointed out, it is superflous. I just PR'd it to promote developer happiness :3 |
|
It would be much appreciated to follow the guidelines for feature discussions and open an issue for a new proposal first, to keep the general discussion independent of a PR with a concrete implementation. |
|
Actually, setting So I think the functionality should be implemented as |
|
Sorry about the typo. I can't run the test suite locally so I'm relying on the CI. |
src/http/cookie.cr
Outdated
| # tell the browser to delete the cookie. | ||
| # Set its value to an empty string | ||
| # and set its expiration time to the past | ||
| # Browsers delete cookies that have expired. | ||
| def destroy | ||
| self.value = "" | ||
| self.expires = Time::UNIX_EPOCH | ||
| self.max_age = Time::Span.zero | ||
| end |
There was a problem hiding this comment.
| # tell the browser to delete the cookie. | |
| # Set its value to an empty string | |
| # and set its expiration time to the past | |
| # Browsers delete cookies that have expired. | |
| def destroy | |
| self.value = "" | |
| self.expires = Time::UNIX_EPOCH | |
| self.max_age = Time::Span.zero | |
| end | |
| # Tells the browser to expire the cookie by setting its | |
| # max age time to zero and its expiration time to the past. | |
| def expire | |
| self.expires = Time::UNIX_EPOCH | |
| self.max_age = Time::Span.zero | |
| end |
There was a problem hiding this comment.
Could you elaborate on why you suggest that we remove setting the value to a blank string?
There was a problem hiding this comment.
Sure, my reasoning was twofold:
expiremethod name IMO implies only cookie expiration, not emptying its value- Spec doesn't mention (or I've not seen it does) clearing out the value as the requirement for a cookie expiration
There was a problem hiding this comment.
I believe destroy will better represent what the function does. And there are many methods with a name similar to #expire I think calling it #destroy would be more clear.
There was a problem hiding this comment.
Clearing the value is not a requirement for expiration. But I think it makes a lot of sense not to send the value you want gone to the client again.
straight-shoota
changed the title
HTTP::Cookie#destroy
|
IMO the name |
| # Destroys the cookie. | ||
| # This is done by causing the cookie to expire. Also clears its value. | ||
| def destroy | ||
| self.value = "" |
There was a problem hiding this comment.
I still do think that's a bit unexpected to clear the value in here. Just sayin'
beta-ziliani
requested review from
ysbaddaden and
bcardiff
and removed request for
ysbaddaden
Reasoning
I tried to use
cookies.delete("...")today and it didn't cause the cookie to expire from the browser. It sent it again on the next request.This method sets the cookie value to an empty string and seets the expiry date to 5 minutes ago. Browsers automatically delete expired cookies.
My aim is to provide a convenience to anyone who happens to need to use
HTTP::Cookie