Perl passes expire -1
unchanged to the browser, and they should expire cookie immediately.
At least so it says RFC2616.
문제
If CGI:Cookie is set to -1
then what does it indicates ?
-expires => '-1'
How long the cookie will stay alive ?
해결책
Perl passes expire -1
unchanged to the browser, and they should expire cookie immediately.
At least so it says RFC2616.
다른 팁
Looking around in the source code of CGI, the expires piece seems to get validated in CGI::Util
. Here is the code that does the deed:
sub expire_calc {
my($time) = @_;
my(%mult) = ('s'=>1,
'm'=>60,
'h'=>60*60,
'd'=>60*60*24,
'M'=>60*60*24*30,
'y'=>60*60*24*365);
# format for time can be in any of the forms...
# "now" -- expire immediately
# "+180s" -- in 180 seconds
# "+2m" -- in 2 minutes
# "+12h" -- in 12 hours
# "+1d" -- in 1 day
# "+3M" -- in 3 months
# "+2y" -- in 2 years
# "-3m" -- 3 minutes ago(!)
# If you don't supply one of these forms, we assume you are
# specifying the date yourself
my($offset);
if (!$time || (lc($time) eq 'now')) {
$offset = 0;
} elsif ($time=~/^\d+/) {
return $time;
} elsif ($time=~/^([+-]?(?:\d+|\d*\.\d*))([smhdMy])/) {
$offset = ($mult{$2} || 1)*$1;
} else {
return $time;
}
my $cur_time = time;
return ($cur_time+$offset);
}
It appears that only the else
block will catch -1
because it is not followed by one of the specified modifiers.
-1
will then be returned from this function. Since that is not a valid time, I imagine that the cookie will expire immediately, but I am not sure on that point. It could also cause your request to error out (not sure on this point either).
If you run it, you'll see that it will pass a literal -1
instead of substituting a timestamp value.
use feature 'say';
use CGI::Cookie;
say CGI::Cookie->new(-name=>'foo', -value => 'bar', expires => '-1')->as_string;
say CGI::Cookie->new(-name=>'foo', -value => 'bar', expires => '-1M')->as_string;
__END__
foo=bar; path=/; expires=-1
foo=bar; path=/; expires=Sat, 01-Feb-2014 14:43:03 GMT
Reading through the Wikipedia article reveals that the format is always this timestamp. One could dig deeper and look at the RFCs that define the behaviour.