I have a shopping cart script that uses cookies to display the order in the order form. I want to delete all the cookies when they complete the order. I don't understand why this doesn't work. The cookiename is stored in $name[6].


#!/usr/bin/perl
print "Content-type: text/html \n\n";

#####################################

use CGI;
use CGI::Carp qw(fatalsToBrowser);

$query = new CGI;

foreach $name ($query->cookie())
{
@name = $query->cookie(split(/;/,$name));


# delete cookie....

$cookie = $query->cookie (
-name => $name[6],
-value => '',
-path => '/',
-expires => '-1d');

}

Are you talking about deleting the cookie file on the remote client, or the server side session?

I don't know. I just want to hurl my cookies. I have another script that deletes the individual cookies, or items. I pass the cookie name in the querystring. It work's fine:


$query = new CGI;

$cookiename = $query->url_param('item');

# delete cookie....
#
my $cookie = $query->cookie (
-name => $cookiename,
-value => '',
-path => '/',
-expires => '-1d');


It seems to me that I could loop through each cookie and delete it with the previous code I submitted.

On further thought I think the following should work, but it doesn't:


#!/usr/bin/perl
print "Content-type: text/html \n\n";

#####################################

use CGI;
use CGI::Carp qw(fatalsToBrowser);

$query = new CGI;

foreach $name ($query->cookie())
{

# delete cookie....
#
$cookie = $query->cookie (
-name => $name,
-value => '',
-path => '/',
-expires => '-1d');
}


The following code prints the cookie names:


foreach $name ($query->cookie())
{
print "$name\n";
}


So, why doesn't the previous code delete it?

Maybe I can't overwrite a cookie when I am reading from it? Leaving. Be back later.

Maybe I can't overwrite a cookie when I am reading from it? Leaving.

No, you can't "delete"/overwrite a client side cookie while reading it. You can "delete"/overwrite it by sending a new expired cookie but that needs to be done when you send the header, not afterwards. But even doing that doesn't guaranty that it will be deleted. It's up to the clients browser to decide if and when it's going the expired cookie.

Why are you concerned about deleting the cookie? Isn't it enough to set the expiration time to some minimal amount and let the client decide when it gets deleted?

If you're passing sensitive data via cookies, then you're using the wrong approach.

If the customer decides after the order to place another order, I want the products on the last order to be gone when they view the cart. No, of course i'm not sending secure stuff in cookies. The cookies are for the customer to view the items they ordered. The items are stored for my purposes in a database.

In the code above, the cookie I am writing is expired. It is set to the day before. I was just asking why my code isn't working.

Have you tried using server side sessions instead if putting their ordered products in a cookie? By using sessions, all you would need to do is clear some or all of the session vars once the order completed. Then, when they place another order either within the same session or in a new session the following day, there would be no prior ordered products to worry about when viewing the cart.

http://search.cpan.org/~markstos/CGI-Session-4.20/lib/CGI/Session.pm
http://search.cpan.org/~markstos/CGI-Session-4.20/lib/CGI/Session/Tutorial.pm

I just might use that. Thanks!