Re: [Cgi-session-user] CGI Session not support HTTPONLY
From: Carbone M. <mca...@ma...> - 2009-09-03 19:42:35
> Hi, I am using CGI-Session-4.42 in a project and I need the cookie to
> support the httponly (http://www.owasp.org/index.php/HTTPOnly) flag, I
> modified the cookie method to support it.
> Is there a way to do this without modifying the method? This could
> bring problems when updating the CGI::Session version.
>
> These methods are added by myself (recently updated to CGI::Session 4.42)
>
> sub httponly {
>     my $self = shift;
>
>     my $dataref = $self->{_DATA};
>     $dataref->{_HTTPONLY} = 1;
>     $self->_set_status( STATUS_MODIFIED );
>
>     return $self;
> }
>
> sub secure {
>     my $self = shift;
>     my $secure = shift || 0;
>
>     my $dataref = $self->{_DATA};
>     $dataref->{_SECURE} = $secure;
>     $self->_set_status( STATUS_MODIFIED );
>
>     return $self;
> }
>
>
> sub cookie {
>     my $self = shift;
>
>     my $query = $self->query();
>     my $cookie = undef;
>     # FIXME this is being repeated, it could be generalized
>     if ( $self->is_expired ) {
>         $cookie = $query->cookie( -secure   => $self->is_secure,
>                                   -httponly => $self->is_httponly,
>                                   -name     => $self->name,
>                                   -value    => $self->id,
>                                   -expires  => '-1d', @_
>                                 );
>     }
>     elsif ( my $t = $self->expire ) {
>         $cookie = $query->cookie( -secure   => $self->is_secure,
>                                   -httponly => $self->is_httponly,
>                                   -name     => $self->name,
>                                   -value    => $self->id,
>                                   -expires  => '+' . $t . 's', @_
>                                 );
>     }
>     elsif ( $self->is_httponly ) {
>         $cookie = $query->cookie( -secure   => $self->is_secure,
>                                   -httponly => $self->is_httponly,
>                                   -name     => $self->name,
>                                   -value    => $self->id,
>                                   @_ );
>     }
>     else {
>         $cookie = $query->cookie( -name  => $self->name,
>                                   -value => $self->id, @_ );
>     }
>     return $cookie;
> }
>
> Regards, Miguel
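
One way to get the flags without editing CGI::Session, as an added example that is not part of the original message or of CGI::Session itself: a subclass whose cookie() merges -httponly and -secure into the arguments, followed by a check of the emitted cookie. The package name My::HardenedSession and the helper missing_cookie_flags are hypothetical; it assumes the stock cookie() forwards extra arguments to CGI's cookie() the way the method quoted above does, and a CGI.pm recent enough to accept -httponly.

```perl
#!/usr/bin/perl
# Added example: hypothetical subclass, CGI::Session itself stays unpatched.
package My::HardenedSession;
use strict;
use warnings;
use parent 'CGI::Session';

# Defaults applied to every session cookie; callers may still override them.
my %COOKIE_DEFAULTS = ( -httponly => 1, -secure => 1 );

sub cookie {
    my ( $self, %args ) = @_;
    # Merge into one hash so each option reaches CGI's cookie() exactly once.
    return $self->SUPER::cookie( %COOKIE_DEFAULTS, %args );
}

package main;
use strict;
use warnings;
use CGI;
use File::Spec;

# Return the expected attributes that are absent from a Set-Cookie value.
sub missing_cookie_flags {
    my ($set_cookie) = @_;
    my %seen = map { lc($_) => 1 }
               map { s/^\s+|\s+$//gr } split /;/, $set_cookie;
    return grep { !$seen{$_} } qw(httponly secure);
}

# Constructed session: file driver in the system temp directory, empty query.
my $session = My::HardenedSession->new(
    'driver:file', CGI->new( {} ), { Directory => File::Spec->tmpdir }
) or die CGI::Session->errstr;

my $value   = $session->cookie->as_string;
my @missing = missing_cookie_flags($value);

print "Set-Cookie: $value\n";
print @missing ? "missing flags: @missing\n"
               : "HttpOnly and Secure are both present\n";

# Remove the constructed session from disk.
$session->delete;
$session->flush;
```

Because the subclass only adds defaults, a CGI::Session upgrade replaces the parent's cookie() without touching this code, and a caller can still pass `-secure => 0` for a plain-HTTP test environment.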