[Catalyst-dev] Patch for C::P::Session::State::Cookie
Wade.Stuart at fallon.com
Fri Aug 4 20:02:42 CEST 2006
catalyst-dev-bounces at lists.rawmode.org wrote on 08/04/2006 12:54:55 PM:
> yes, that's what I meant.
> so, I'm afraid we should also control where to bake cookie if adding
> support for path attribution to C::P::S::State::Cookie.
Don't think so, I think the cookie path add-on is expecting it to be used
to allow you to path-lock cookies for a non-standard (err, non-root)
application dir.
Meaning if you actually root the application at:
http://www.example.com/this/is/my/path/ vs http://www.example.com/
You would want to set the path to /this/is/my/path so your cookies are
locked into only your app.
But, it is not expected that you would want to set cookie path to
/some/action if your application was rooted at http://www.example.com/ and
your app had a /some/action/.
> 2006/8/4, Wade.Stuart at fallon.com <Wade.Stuart at fallon.com>:
>
> Sorry to respond to myself, but I just reread your message and I may have
> misunderstood. If you mean that you set the cookie's path attr to /abc
> from a request to /, that is disallowed from the RFC.
>
> 4.3.2 Rejecting Cookies
>
> To prevent possible security or privacy violations, a user agent
> rejects a cookie (shall not store its information) if any of the
> following is true:
>
> * The value for the Path attribute is not a prefix of the request-URI.
>
>
> A cookie path of '/abc' can be set from a request to /abc/ or any URL under
> that prefix, but not '/' or '/xyz' ...
> _______________________________________________
> Catalyst-dev mailing list
> Catalyst-dev at lists.rawmode.org
> http://lists.rawmode.org/mailman/listinfo/catalyst-dev
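The Path rule discussed in this thread, as an added example that is not part of the original messages or of Catalyst: a minimal Python model of a user agent applying the RFC 2109 Path checks when storing and returning cookies. The class name, cookie names and the /login and /some/action URLs under the application root are constructed for illustration; Domain, Secure and expiry handling are left out.

```python
from urllib.parse import urlsplit


def request_path(url):
    """Path component of the request-URI ("/" when the URL has none)."""
    return urlsplit(url).path or "/"


class PathScopedJar:
    """Toy cookie jar that models only the Path rules of RFC 2109."""

    def __init__(self):
        self.cookies = {}  # (name, path) -> value

    def receive(self, url, name, value, path):
        """Handle a Set-Cookie seen on the response to `url`; True if stored."""
        if not request_path(url).startswith(path):
            return False  # 4.3.2: Path is not a prefix of the request-URI
        self.cookies[(name, path)] = value
        return True

    def cookies_for(self, url):
        """Names of stored cookies whose Path is a prefix of this request."""
        req = request_path(url)
        return sorted(n for (n, p) in self.cookies if req.startswith(p))


def demo():
    """Run the cases from the thread against constructed sample URLs."""
    jar = PathScopedJar()
    base = "http://www.example.com"
    results = {
        # Path=/abc set from "/" or "/xyz" is rejected, from "/abc/" it is kept.
        "from_root": jar.receive(base + "/", "s", "1", "/abc"),
        "from_xyz": jar.receive(base + "/xyz", "s", "1", "/abc"),
        "from_abc": jar.receive(base + "/abc/", "s", "1", "/abc"),
        # Application rooted at /this/is/my/path/ locks its cookie to itself.
        "app": jar.receive(base + "/this/is/my/path/login",
                           "app_session", "v", "/this/is/my/path"),
    }
    results["sent_in_app"] = jar.cookies_for(base + "/this/is/my/path/some/action")
    results["sent_at_root"] = jar.cookies_for(base + "/")
    # Plain string prefix: Path=/abc also covers the sibling path /abcdef.
    results["sent_to_sibling"] = jar.cookies_for(base + "/abcdef")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because the match is a plain string prefix, a Path of /abc also covers /abcdef, which matters when two applications share a host under similarly named directories.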