[Dancer-users] Cookies handling is broken

Vincent Bachelier geistteufel at yahoo.fr
Mon Feb 28 14:41:00 CET 2011


Hi, I'm new to this project. I have made susbck.com, a URL shortening system. I need cookies to detect unique clicks, and I have brought to light that cookies don't work at all.

I know the spec says we can set multiple cookies at once by sending Set-Cookie with values separated by commas. But not all browsers support it. I have tested it on "Firefox, Firefox 4, Safari iPad / iPhone, Chrome and IE".
CGI::Cookie uses multiple lines with HTTP::Headers, something like this:

$headers->push_header('Set-Cookie', 'key=value, expire, domain').

So if there are many cookies to be sent at once, the headers look like:

Set-Cookie: a=1
Set-Cookie: b=2
...

One line per cookie to change. All browsers support it perfectly like this.

Another point: on FreeBSD the cookie test failed on the current cpan_version "1.3011". In fact, has_changed sent back the last cookie I sent from the browser.

The comparison is a value versus an array.

I think it could be better to change the way has_changed works. When we call "set_cookie", we could add to a hash the cookie we want to send back. And so has_changed checks the key in the hash and just tells ok. It's faster and more secure. If the cookie contains an array or hash, it could be really much easier.

So I have made a patch on my fork to make it work with multiple lines, but the unit tests (old style) don't work anymore. And the cookie tests have to be rewritten using new-style tests with Dancer::Test to prevent the same header on multiple calls from being passed from one test to another.

I will add a pod for NGINX + Plackup + PERLBREW. I have set this up for my project, and the advent.perldancer doesn't work as it should. All static files are sent by plackup instead of nginx.

Here is my repo to check the changes:

https://github.com/geistteufel/Dancer

It sends one cookie per header line, and I have added a push_header function. The bad thing is that "has_changed" tells that all cookies have changed, so it sends them back. We need a test for this.

> Date: Mon, 28 Feb 2011 11:42:54 +0000
> From: mfontani at cpan.org
> To: sukria at sukria.net
> CC: dancer-users at perldancer.org
> Subject: Re: [Dancer-users] Cookies handling is broken
> 
> > To do so he uses multiple cookies to flag each visitors, and he came to
> > realize that Dancer's cookie handling is ... well, completely broken :/
> 
> I did have a similar problem in my Brocco[1] blog engine, and so far
> I've "fixed" it in my app(s) with the following ugly workaround:
> 
> ## Fix cookies
> before sub {
>     my $c = cookies;
>     delete $c->{$_} for grep $_ ne 'dancer.session', keys %$c;
> };
> 
> I am aware the above is not a fix _for Dancer_, but it allows
> _applications_ which may "receive" tracking cookies to _work_ if they
> use a Dancer::Session::* and they only care about the "dancer.session"
> cookie.
> 
> If the app needs to use more than one cookie, the above does not seem
> to be a solution, unfortunately.
> 
> -marco-
> 
> [1]: https://github.com/mfontani/Brocco
> 
> ----
> Marco Fontani
> Glasgow Perl Mongers - http://glasgow.pm.org/
> Join the RackSpace Cloud at: http://www.rackspacecloud.com/277.html
> _______________________________________________
> Dancer-users mailing list
> Dancer-users at perldancer.org
> http://www.backup-manager.org/cgi-bin/listinfo/dancer-users
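
Added example (not part of the original message and not code from Dancer or from the fork linked above): a short Perl script using HTTP::Headers that contrasts a comma-folded Set-Cookie value with one Set-Cookie line per cookie, as described in the message. The cookie names, values and dates are constructed, and the helper names set_cookie_lines and naive_split are hypothetical.

```perl
#!/usr/bin/env perl
# Added example; not from the original message or from Dancer's source.
use strict;
use warnings;
use HTTP::Headers;

# Constructed sample cookies; names, values and dates are made up.
my @cookies = (
    'visitor=abc123; Expires=Tue, 01 Mar 2011 14:41:00 GMT; Path=/',
    'clicked=1; Expires=Tue, 01 Mar 2011 14:41:00 GMT; Path=/',
);

# Variant 1: all cookies folded into one comma-separated Set-Cookie value.
my $folded = HTTP::Headers->new;
$folded->header('Set-Cookie' => join(', ', @cookies));

# Variant 2: one Set-Cookie header line per cookie.
my $per_line = HTTP::Headers->new;
$per_line->push_header('Set-Cookie' => $_) for @cookies;

# Count the Set-Cookie lines that would be written into the response.
sub set_cookie_lines {
    my ($headers) = @_;
    return scalar grep { /^Set-Cookie:/i } split /\n/, $headers->as_string;
}

# A receiver that splits a folded value on commas cannot tell the comma
# inside "Expires=Tue, 01 Mar ..." from a separator between cookies.
sub naive_split {
    my ($value) = @_;
    return split /,\s*/, $value;
}

printf "folded:   %d Set-Cookie line(s)\n", set_cookie_lines($folded);
printf "per-line: %d Set-Cookie line(s)\n", set_cookie_lines($per_line);

my @pieces = naive_split(scalar $folded->header('Set-Cookie'));
printf "naive split of folded value: %d pieces for %d cookies\n",
    scalar @pieces, scalar @cookies;
print "  [$_]\n" for @pieces;

# In list context header() returns each pushed value separately and intact.
my @intact = $per_line->header('Set-Cookie');
print "per-line values round-trip intact\n" if "@intact" eq "@cookies";
```

The count from set_cookie_lines can serve as a regression check that a response carrying several cookies emits one Set-Cookie line for each.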