[Seaside] Empty cookies in HTTP requests

Bany, Michel mbany at cincom.com
Wed Feb 8 17:43:39 UTC 2006


Sorry, this is a long post.

Does anybody know the intention of
	response cookieAt: self name put: ''.
in #handleExpiredRequest:

My limited understanding of HTTP is that this is supposed to delete
the cookie in the browser. But is there any possibility to delete a
cookie in the browser ? Or is it the right way to delete a cookie ?

I have seen situations where the session cookie is returned by the
browser as an empty string. This seems to be a direct consequence
of an expired session where Seaside sets an empty session cookie
even if the application has not been configured to use session cookies.
This has the disastrous effect of adding an empty handler field (_s=)
to the request (in WAApplication >> handleRequest:)

This happens only in VW where empty cookies are preserved while Squeak
removes empty cookies from HTTP requests at a very early stage
(#parseCookies:)

I will be happy to modify the VW port of Seaside to automatically
discard all empty cookies so that VW behaves identically to Squeak.

However, the code in #parseCookies: makes me think that the discarding
of empty cookies could very well be an accidental bug, not a feature,
a bug that Seaside is taking advantage of.

So my questions: bug or feature, and how to deal with that?
Is an empty cookie useful information worth being passed on to the
application?
If this is recognized as a Squeak bug, then Seaside should assume that
the bug is fixed and
(1) if Seaside does not really need the empty cookies, it should
explicitly remove all the empty cookies in #convertRequest:
or
(2) if Seaside wants to preserve empty cookies then the unwanted empty
session cookie should be discarded in WAApplication >> handleRequest:
or/and
(3) Seaside should not send the empty session cookie in
#handleExpiredRequest: if the application has not been configured to
use session cookies.

Michel.
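
The behaviour described in this post, as an added Python example that is not part of the original message and is not Seaside code: it parses a Cookie header with and without empty values, shows how a blank session cookie becomes an empty `_s` field unless the lookup guards against it, and builds a Set-Cookie value that expires the cookie instead of blanking it. All function names, the cookie name `myapp` and the sample header are assumptions.

```python
# Added illustration; not Seaside code. Names and sample data are assumptions.
from typing import Dict, Optional

def parse_cookie_header(header: str, keep_empty: bool) -> Dict[str, str]:
    """Parse a request Cookie header.

    keep_empty=True models a server that preserves empty cookies (the VW
    behaviour described in the post); keep_empty=False models one that
    drops them while parsing (the Squeak behaviour described in the post).
    """
    cookies: Dict[str, str] = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not name or not sep:
            continue  # skip malformed fragments with no name or no '='
        value = value.strip().strip('"')
        if value == "" and not keep_empty:
            continue
        cookies[name] = value
    return cookies

def session_key(cookies: Dict[str, str], cookie_name: str) -> Optional[str]:
    """Return the session key, treating an empty value like a missing cookie."""
    value = cookies.get(cookie_name)
    return value if value else None

def request_fields(cookies: Dict[str, str], cookie_name: str,
                   guarded: bool) -> Dict[str, str]:
    """Build handler fields; '_s' is the field name quoted in the post."""
    key = session_key(cookies, cookie_name) if guarded else cookies.get(cookie_name)
    return {} if key is None else {"_s": key}

def expire_cookie(cookie_name: str, path: str = "/") -> str:
    """Set-Cookie value asking the browser to delete the cookie.

    The path must match the path the cookie was originally set with.
    """
    return (f"{cookie_name}=; Path={path}; Max-Age=0; "
            "Expires=Thu, 01 Jan 1970 00:00:00 GMT")

# Constructed sample: a browser echoing back a blanked session cookie.
SAMPLE = "myapp=; theme=dark"
```
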


