sancho sebastine
How to remove persistent cookies.
October 18, 2008 12:52 AM

Hi,

According to US federal laws you are not supposed to put cookies in client machines. Could you tell me how to remove usage of cookies from Liferay? Is this possible?

Any help is highly appreciated...

Thanks & Regards
Sancho

Following is the detailed error report....

Persistent Cookies

http://10.110.50.26:8080/web/guest/ir
http://10.110.50.26:8080/web/guest/guest
http://10.110.50.26:8080/web/guest/home

Summary: Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies only live in the browser's memory, and are not stored anywhere. Persistent cookies, however, are stored on the browser's hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.

Execution: All cookies are set by the server via the Set-Cookie HTTP header. A browser knows to store that cookie as a persistent cookie when it finds the keyword 'Expires=' followed by a date in the future. If there is no 'Expires=' tag, or if the specified date has already passed, then the browser will keep the cookie in memory only as a session cookie. To view the persistent cookie set on this page, view the HTTP response and examine the Set-Cookie header. You should see the 'Expires=' tag with a future date specified.

Implication: Persistent cookies are stored on the browsing client's hard drive even when that client is no longer browsing the Web site that set the client. Depending on what information is stored in the cookie, this could lead to security and privacy violations. The Office of Management and Budget has decreed that no federal websites shall use persistent cookies except in very specific situations.

Fix: From a coding perspective, the only distinction between a session cookie and a persistent cookie is the 'Expires=' tag that specifies when a persistent cookie should expire. If a cookie has no 'Expires=' tag, then it is automatically interpreted as a session cookie. Removing the expiration date from the code that sets the cookie will change it to a session cookie.

Reference:
White House Office of Management and Budget: Memorandum M-00-13 Privacy Policies and Data Collection on Federal Web Sites
Microsoft Knowledgebase Article: Description of Persistent and Per-Session Cookies in Internet Explorer.

James Min
RE: How to remove persistent cookies.
October 18, 2008 10:56 AM
LIFERAY STAFF


Have you tried setting this in portal-ext.properties?

#
# Set this to false to disable all persistent cookies. Features like
# automatically logging in will not work.
#
session.enable.persistent.cookies=false
sancho sebastine
RE: How to remove persistent cookies.
October 20, 2008 8:03 PM

Yes this is working.

I had tried this earlier. But I had found it not working. Maybe I tested it wrong.

Thanks a lot.
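
Added example (not part of the original thread and not Liferay code): one way to re-check the scanner finding after changing the property is to classify each Set-Cookie header value from the portal's responses. The cookie names and header values below are constructed samples; the code also treats Max-Age, which the report does not mention, as making a cookie persistent, and reports a cookie whose expiry has already passed as "expired".

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def classify_set_cookie(value, now=None):
    """Classify one Set-Cookie header value.

    Returns (cookie_name, kind), kind in {"session", "persistent", "expired"}.
    """
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    expires = max_age = None
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        try:
            if key == "expires":
                expires = parsedate_to_datetime(val)
                if expires.tzinfo is None:  # no zone given: assume UTC
                    expires = expires.replace(tzinfo=timezone.utc)
            elif key == "max-age":
                max_age = int(val)
        except (TypeError, ValueError):
            pass  # an unparseable attribute is ignored
    if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
        return name, "persistent" if max_age > 0 else "expired"
    if expires is not None:
        return name, "persistent" if expires > now else "expired"
    return name, "session"  # no expiry attribute: kept in memory only

def persistent_cookies(set_cookie_values, now=None):
    """Names of cookies a browser would write to disk."""
    results = (classify_set_cookie(v, now) for v in set_cookie_values)
    return [name for name, kind in results if kind == "persistent"]

# Constructed sample header values, not captured from a real portal.
SAMPLE = [
    "JSESSIONID=0123456789ABCDEF; Path=/",
    "LANG_PREF=en_US; Expires=Sun, 18-Oct-2009 07:52:00 GMT; Path=/",
    "OLD_PREF=x; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
    "REMEMBER=1; Max-Age=31536000; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLE:
        print(classify_set_cookie(header))
```

An empty result from persistent_cookies() over the headers of every scanned page is the condition the scanner's "Fix" section asks for.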