[Dancer-users] Cookies handling is broken
Alexis Sukrieh
sukria at sukria.net
Mon Feb 28 12:32:59 CET 2011
Hi again,
A co-worker of mine started using Dancer to built an URL-shortener with
unique-click stats.
http://susbck.com/
To do so he uses multiple cookies to flag each visitors, and he came to
realize that Dancer's cookie handling is ... well, completely broken :/
The most important thing we do wrong is to use one single Set-Cookie
header (this is a recent change). Indeed, even if the HTTP specs tells
us to do so, most browsers fail at parsing one Set-Cookie header with
multiple values.
Apparently it's way better to use multiple Set-Cookie headers (like
Dancer used to do).
Moreover, in the current version, Dancer splits the Set-Cookie header in
a rather stupid way (split /[,;]/) which leads to have a mess of values
when cookies are set with options (like "expires", or "path").
I'm saying that to the list just to warn you that we should change the
way Dancer handles cookies. Actually, I think we should rewrite it
completely, maybe by looking at how CGI::Cookie works.
There already two issue reports written by my co-worker that explains
what he came accross:
https://github.com/sukria/Dancer/issues#issue/356
https://github.com/sukria/Dancer/issues#issue/357
Any help is welcome ;)
I think this is our top-priority for the next release.
Regards,
--
Alexis Sukrieh
More information about the Dancer-users
mailing list