Cookie handling on HTTP server side?

[Marc Lehmann]

On Thu, Dec 29, 2011 at 05:50:52PM +0100, Zsbán Ambrus <ambrus at math.bme.hu> wrote:
> Do you know about some perl module that handles HTTP cookies on the
> HTTP server side properly?

Depends onw hat you call "properly" - many toolkits (even hideous CGI.pm)
obviously do parse cookies "good enough" in practise. Cookies are also an
art form, there is no working specification for them, cookie2 is basically
completely unused and so on.

> It's important that it can handle both old-style (Netscape) and
> new-style (RFC 2965) cookies.

I don't think new-style cookies will ever be useful in reality, every
client has to support "old style" cookies, which are neither netscape nor
rfc2109 in practise.

> I'd like something that can be combined with any HTTP server or CGI or
> similar framework.

Yes, it's indeed normally not part of the http server but the library
behind it.

> Of the existing solutions, the CGI module doesn't handle parsing
> new-style request cookie headers properly (and I have doubts about it
> being correct in old-style cookies too).  The LWP module (currently)
> doesn't seem to have any function to parse the contents of Cookie*
> headers, nor to format Set-Cookie* headers, so you can only use it on
> client side.

Makes sense.

> (from LWP) as the HTTP server.  I'm asking on this channel because
> elmex has the AnyEvent::HTTP module.

No, I don't know of any. To me, I'd be primarily curious, though, what use
rfc2965 has in reality :)

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\