Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HTTP::Cookie#destroy #14819

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
+19 −0
Open

Add HTTP::Cookie#destroy #14819

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c012534
added HTTP::Cookie#destroy. It expires cookie and sets its value to b…
a-alhusaini Jul 21, 2024
1981575
fix invalid assertion
a-alhusaini Jul 21, 2024
abe3943
Merge branch 'master' into add_cookie_destroy_method
a-alhusaini Jul 23, 2024
564f926
set cookie expiry to unix epoch. Set cookie max_age to zero to ensure…
a-alhusaini Jul 23, 2024
c592330
fixed typo
a-alhusaini Jul 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions spec/std/http/cookie_spec.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,15 @@ module HTTP
end
end

it "#destroy" do
cookie = HTTP::Cookie.new("hello", "world")
cookie.destroy

cookie.value.empty?.should be_true
cookie.expired?.should be_true
cookie.max_age.should eq(Time::Span.zero)
end

describe "#name=" do
it "raises on invalid name" do
cookie = HTTP::Cookie.new("x", "")
Expand Down
10 changes: 10 additions & 0 deletions src/http/cookie.cr
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,16 @@ module HTTP
end
end

# tell the browser to delete the cookie.
# Set its value to an empty string
# and set its expiration time to the past
# Browsers delete cookies that have expired.
Comment on lines +195 to +198
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: Improve wording.

Suggested change
# tell the browser to delete the cookie.
# Set its value to an empty string
# and set its expiration time to the past
# Browsers delete cookies that have expired.
# Destroys the cookie.
# This is done by causing the cookie to expire. Also clears its value.

def destroy
self.value = ""
self.expires = Time::UNIX_EPOCH
self.max_age = Time::Span.zero
end
Comment on lines +195 to +203
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# tell the browser to delete the cookie.
# Set its value to an empty string
# and set its expiration time to the past
# Browsers delete cookies that have expired.
def destroy
self.value = ""
self.expires = Time::UNIX_EPOCH
self.max_age = Time::Span.zero
end
# Tells the browser to expire the cookie by setting its
# max age time to zero and its expiration time to the past.
def expire
self.expires = Time::UNIX_EPOCH
self.max_age = Time::Span.zero
end

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you elaborate on why you suggest that we remove setting the value to a blank string?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, my reasoning was twofold:

  1. expire method name IMO implies only cookie expiration, not emptying its value
  2. Spec doesn't mention (or I've not seen it does) clearing out the value as the requirement for a cookie expiration

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe destroy will better represent what the function does. And there are many methods with a name similar to #expire I think calling it #destroy would be more clear.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clearing the value is not a requirement for expiration. But I think it makes a lot of sense not to send the value you want gone to the client again.


# :nodoc:
module Parser
module Regex
Expand Down
Loading