Jan 12, 2015; 13:09
Jolle Carlestam
An exciting half day spent in the land of cookies
This is not a cry for help. It is merely a word (a lot of words actually) of warning to this of us that sets cookies in Lasso 9 for languages other than English.
Remember I had a strange date related error the other day that turned out to be because my server used an en_US locale instead of the preferred sv_SE. An error that I fixed by setting the default locale at startup for the instance.
http://www.lassotalk.com/Weird-date-week-error-Lasso-9.lasso?276577
Well today I=92ve been struggling for a couple of hours with a completely unrelated issue concerning disappearing cookies and thus clients not being able to log in to their intranets.
It started quietly on Saturday and exploded today, Monday. (There=92s a relevancy here, be patient=85)
The two issues eventually turned out to be closely related.
The reason clients could not log in was because the session cookie never got set by the browser. It was not because they did not get the cookies, it was because the browser could not understand them.
Short explanation. Cookies should be set like this:
Set-Cookie: name=Jolle; expires=Mon, 26 Jan 2015 10:38:25 GMT; path=/
The way the date is formatted is important. Even if Lasso allows us to use durations or integers as input values for the -expires param they are always translated to a date value formatted like the example above before being sent to the browser.
Now, here=92s the connection with the previous thread. When Lasso sets a cookie expire value it will use the default_locale to format the date.
For a vast majority of Lasso sites this has no impact since they probably talk English anyway and thus default_locale is using the correct format for the cookie. But when I set my server to use Swedish it broke the cookie creation. Only, part of the trickiness, not for all browsers and not for all days. It=92s, so far, only Safari (both IOS and OSX) that suffers from this. And only on Saturdays, Sundays and Mondays. Because these days are the only ones that contains non English chars in the day name, L=F6rdag, S=F6ndag, M=E5ndag.
Thus, this: Mon, 26-Jan-2015 06:07:24 GMT
Will, by Lasso, be sent like this m=E5n, 26-Jan-2015 06:07:24 GMT
And interpreted as: m=C3=A5n, 26-Jan-2015 06:07:24 GMT
and stop all further cookie setting in Safari. Chrome and Firefox both interpret the cookie anyway and proceeds.
This is of course a bug in Lasso, and possibly in Safari. As I see it Lasso should not use the default_locale when formatting the date put into the cookie, it should always use en_US.
Now, next item on the agenda. How do I fix this?
First thing I tried was to temporarily change the default_locale to en_US, set the cookie and then change the default_locale back to sv_SE. No go. I think this is because Lasso won=92t actually set the cookie until the very end of the processing. By that time the default_locale is set back to sv_SE again.
Some reading up of the documentation for setting cookies pointed to a way.
"The -expires parameter can be either a date object, a duration object, an integer, a string, or any object that will produce a suitable value when converted into a string. A date indicates the absolute date at which the cookie will expire. A duration indicates the time that the cookie should expire based on the time at which the cookie is being set. An integer indicates the number of minutes until the cookie expires. Any other object type is appended directly to the outgoing cookie header string.=94
Notice the last sentence? =94appended directly=94. Aha, If I create a string with the date value correctly formatted and use that as -expires param then I=92m good to go? Right?
local(cookiedate = date(-dateGMT))
#cookiedate -> add(-minute = 20160) // 14 days
web_response -> setcookie(
'mycookie' = 'value',
-domain = server_name,
-expires = #cookiedate -> format("EEE, dd MMM yyyy HH:mm:ss 'GMT'", -locale = locale('en', 'US')),
-path = '/=92
)
The result of #cookiedate -> format(...) looks like this by the way:
Mon, 26 Jan 2015 10:53:12 GMT
Looks good to me.
But no, now it=92s time for Lasso cookie bug no 2. That "appended directly=94 promise is not fulfilled. Lasso will insist on interpreting the input as a date and format it. And making huge mistakes in the process. The above will come out as this:
Set-Cookie: domain = value;expires=m=E5n, 12-Jan-2015 10:49:51 GMT;path=/
From 26 Jan 2015 10:53:12 to 12-Jan-2015 10:49:51? Not a lot of right assumptions there=85
Conclusions at this point. I have found no way around this as long as I have the desire to have both default_locale set to sv_SE and to use cookies with expires params. Until I find another way, or Lasso fixes one or both cookie bugs I=92ve resorted to remove the expires param from my cookies. This is not a good solution but it will keep clients happier than not being able to log in at all.
Thanks for your patience reading this far.
HDB
Jolle
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
Jan 12, 2015; 13:32
Jolle Carlestam
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 13:55
Jolle Carlestam
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 14:15
Marc Vos
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 17:23
Bil Corry
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 17:37
Jolle Carlestam
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 09:41
Steffan A. Cline
Re: An exciting half day spent in the land of cookies
Jan 12, 2015; 17:44
Jolle Carlestam
Re: An exciting half day spent in the land of cookies