[Catalyst] Catalyst::Plugin::Session::State::Cookie and HttpOnly flag

Scott Thomson smoothhound at gmail.com
Thu Apr 16 16:47:16 GMT 2009


On Tue, Apr 14, 2009 at 7:50 PM, Tomas Doran <bobtfish at bobtfish.net> wrote:
>
> On 14 Apr 2009, at 10:58, Scott Thomson wrote:
>>
>> Currently Catalyst::Plugin::Session::State::Cookie doesn't allow
>> configuration of the HttpOnly flag, it looks trivial to add, so
>> basically I'm wondering whether this idea has been discussed and
>> discounted before and if there is any reason why I shouldn't just
>> patch it?
>>
>
> No reason I can think of right now.
>
> Patches with tests always welcome.
>
> Cheers
> t0m

OK - I had a look through the various components to figure out how to
do this, and it is not as simple as I first thought, as Catalyst::Engine
uses CGI::Simple::Cookie to create cookies, which doesn't support the
HttpOnly flag.

So I have locally patched CGI::Cookie::Simple,
Catalyst::Plugin::Session::State::Cookie and Catalyst::Engine and it
all seems to work. So my plan is first to send the patch to the
CGI::Simple maintainer and if it looks like it will go in, send the
Catalyst patches - with tests! :) - here.

Cheers,

Scott


