[Catalyst-dev] Patch for C::P::Session::State::Cookie

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Thu Aug 3 19:30:38 CEST 2006







catalyst-dev-bounces at lists.rawmode.org wrote on 08/03/2006 12:12:49 PM:

> I roughly know how cookies work.
> I had a situation where lynx would croak when I baked a cookie with
> path attribute '/abc' under a request of path '/'.
> But I haven't confirmed it again.

It should just set security scope for the cookie at a more specific level
than hostname; left unset, path is assumed to match at /.  It is in the RFC
(http://www.w3.org/Protocols/rfc2109/rfc2109) and I have yet to find a
browser that supports cookies at all that does not fully support path. If
it broke lynx it was a bug and should have been fixed -- in your example
lynx should have noticed that / was not in the scope of host/abc and sent
the request with no cookie.



> 2006/8/3, Brandon Black <blblack at gmail.com>:
>
> The point isn't to limit when/if we bake the cookie.  The "path"
> attribute of a cookie tells the browser what paths to send it back
> to us for.  So if you have a cookie called "session_id", and your app is
> at http://myhost/catapp, and there's another application hosted at
> http://myhost/otherapp which also has a "session_id" cookie, you'll
> definitely need this to avoid them stepping on each other.  If the
> root of the domain ( http://myhost/) and everything beneath it is
> all served just by your Catalyst app, then I guess one wouldn't care
> about it.
>
> -- Brandon
>
>
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst-dev
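
Added example, not part of the original thread or of Catalyst's code: a small JavaScript model of how a browser scopes cookies by Path, showing the two "session_id" cookies from the /catapp and /otherapp scenario above colliding when both use Path=/ and staying separate when each app sets its own path. It uses the path-match rule from RFC 6265 section 5.1.4 rather than the RFC 2109 text cited in the thread; pathMatches, CookieJar and demo are hypothetical names, and a single host is assumed.

```javascript
// Path-match rule (RFC 6265 section 5.1.4): the cookie path must equal the
// request path or be a prefix of it that ends at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Minimal jar for one host: a cookie is identified by (name, path), so two
// cookies with the same name and the same path overwrite each other.
class CookieJar {
  constructor() { this.cookies = new Map(); }
  set(name, value, path = "/") {
    this.cookies.set(`${name};${path}`, { name, value, path });
  }
  // Cookies sent for a request path, most specific path first.
  cookiesFor(requestPath) {
    return [...this.cookies.values()]
      .filter((c) => pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length);
  }
}

// Two apps on the same host each set "session_id" (constructed sample values).
function demo(catPath, otherPath) {
  const jar = new CookieJar();
  jar.set("session_id", "cat-session", catPath);
  jar.set("session_id", "other-session", otherPath);
  const sent = (p) => jar.cookiesFor(p).map((c) => c.value);
  return {
    cat: sent("/catapp/login"),
    other: sent("/otherapp/home"),
    root: sent("/"),
  };
}

const unscoped = demo("/", "/");               // both apps leave Path at "/"
const scoped = demo("/catapp", "/otherapp");   // each app sets its own Path
console.log("unscoped:", unscoped);
console.log("scoped:  ", scoped);
```

In the unscoped run the second app's cookie replaces the first, so /catapp receives the other application's session id; in the scoped run each app receives only its own cookie and a request for / carries none.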




More information about the Catalyst-dev mailing list