I have seen people making cookies expire by setting a 1980 year just to be sure.
Do you happen to know if the day of week is a required field in the date? Does 01-Jan-1980 00:00:00 GMT work? Or do I need to whip out a calendar? (Gee, hope I saved one. :-)
Summary of findings.
Mr. Smith and I baked dozens of cookies yesterday. The MSIE 6.x were all tasty. Unfortunately, the Netscape 4.78 cookies left a bitter taste in our mouths.
Netscape cookies are required to contain at least two dots in the domain field, if a domain is given. The convention is to use, for example, .freerepublic.com (note the leading dot.) This works fine for
http://www.freerepublic.com and
http://beta.freerepublic.com. The problem url is
http://freerepublic.com which contains just one dot. Netscape refuses to set a cookie, any cookie, for the single dot url if the cookie's domain field is set within the cookie. The double dot .freerepublic.com cookie domain field does not work, I assume, because .freerepublic.com is not a substring of freerepublic.com. Since Netscape refuses to set cookies with just a single dot in the cookie domain field,
http://freerepublic.com will not work if the cookie domain is specified. However, it WILL work if the cookie domain field is not specific and allowed to default. Unfortunately, such cookies do not match the other variants of URLs (
http://www.freerepublic.com nor
http://beta.freerepublic.com)
Ergo, our finding, it's screwed.
The possible solutions are many. Smith and I discussed redirecting. Redirecting may have a snag, as the only HTTP request method eligible for redirection is GET (redirecting of POST is probably not well supported, and redirecting of HEAD will not have the desired effect--I don't think. However, it has been a long time since I've read the HTTP specs.) Though in reality, this may be inconsequential.
Another solution is to discontinue web serving on
http://freerepublic.com as most web browsers will prepend www. to the URL if the www-less variant fails to connect to a web server. My only concern is of the thousands of www-less URLs that exist and the browsers and web spiders that will not hunt down the www version.
A final solution is to explicitly set a BASE HREF="
http://www.freerepublic.com/etc" in all documents generated.
Though, these solutions only affect the one issue of not being able to use the generic .freerepublic.com (double dot) cookie domain. I still have other unresolved HTTP cookie issues, such as not being able to clear cookies, and getting requests with cookies that Free Republic never set (and being unable to unset them.)