Deleting secure session cookies

[Chris]

I have a couple of secure session cookies that are set like this: self.set_secure_cookie('name', 'value', path='/some/path', expires_days=None, httponly=True, secure=True).

I only set these cookies on certain pages, and want to remove them once users arrive at some other pages by doing self.clear_all_cookies().

However, I notice that these cookies still exist in browsers even after calling clear_all_cookies(). Does the removal of cookies only come after the user closes the browser or leaves my domain? What are the necessary condition(s) that would trigger their removal after calling self.clear_all_cookies()?

[Ben Darnell]

If you use the domain or path parameters to set a cookie, you must use those same parameters to clear_cookie.  There is no way to tell what domain and path were used to set a cookie when you receive it, so clear_all_cookies only works with cookies that did not have a domain or path set.  

-Ben

--
You received this message because you are subscribed to the Google Groups "Tornado Web Server" group.
To unsubscribe from this group and stop receiving emails from it, send an email to python-tornad...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Chris]

Thanks for point that out. I guess I will just overwrite clear_all_cookies() in my handler to clear the cookies set to a specific domain/path.