[Catalyst-dev] Patch for C::P::Session::State::Cookie
islue
islue.hu at gmail.com
Fri Aug 4 19:54:55 CEST 2006
yes, that's what I meant.
so, I'm afraid we should also control where to bake cookie if adding support
for path attribution to C::P::S::State::Cookie.
2006/8/4, Wade.Stuart at fallon.com <Wade.Stuart at fallon.com>:
>
> Sorry to respond to myself, but I just reread your message and I may have
> misunderstood. If you mean that you set the cookies path attr to /abc
> from a request to /, that is disallowed from the rfc.
>
> 4.3.2 Rejecting Cookies
>
> To prevent possible security or privacy violations, a user agent
> rejects a cookie (shall not store its information) if any of the
> following is true:
>
> * The value for the Path attribute is not a prefix of the request-
> URI.
>
>
> a cookie path of '/abc' can be set from a request to /abc/ or any url
> under
> that prefix, but not '/' or '/xyz' ...
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rawmode.org/pipermail/catalyst-dev/attachments/20060805/e27ee164/attachment.htm
More information about the Catalyst-dev
mailing list