[Cgi-session-user] [Fwd: Re: CGI Session not support HTTPONLY]
Brought to you by:
sherzodr
Menu
▾
▴
[Cgi-session-user] [Fwd: Re: CGI Session not support HTTPONLY]
|
From: Ron S. <ro...@sa...> - 2009-09-04 03:17:46
|
-------- Forwarded Message --------
> From: Miguel (LINTI) <mca...@ma...>
> To: Ron Savage <ro...@sa...>
> Subject: Re: CGI Session not support HTTPONLY
> Date: Thu, 03 Sep 2009 22:48:36 -0300
>
> Hi, Ron
>
> sorry copy and paste error, ;)
>
> I'dont really remember, but a I'think the code look like this:
>
> sub is_httponly { return defined($_[0]->dataref) ?
> $_[0]->dataref->{_HTTPONLY}: 0 }
>
> sub is_secure { return defined($_[0]->dataref) ?
> $_[0]->dataref->{_SECURE}: 0 }
>
> I'm not on my notebook
>
> Miguel
>
> > On Thu, 2009-09-03 at 16:27 -0300, Carbone Miguel wrote:
> >
> >> Thanks for help, but $session->cookie( -httponly => 1 ) doesn't work
> >>
> >>
> >> this methods are added by myself (rencently updated to CGI::Session 4.42)
> >>
> >> sub httponly {
> >> my $self = shift;
> >>
> >> my $dataref = $self->{_DATA};
> >> $dataref->{_HTTPONLY} = 1;
> >> $self->_set_status( STATUS_MODIFIED );
> >>
> >> return $self;
> >> }
> >>
> >> sub secure {
> >> my $self = shift;
> >> my $secure = shift || 0;
> >>
> >> my $dataref = $self->{_DATA};
> >> $dataref->{_SECURE} = $secure;
> >> $self->_set_status( STATUS_MODIFIED );
> >>
> >> return $self;
> >> }
> >>
> >>
> >> sub cookie {
> >> my $self = shift;
> >>
> >> my $query = $self->query();
> >> my $cookie= undef;
> >> # FIXME se esta repitiendo, se podria generalizar
> >> if ( $self->is_expired ) {
> >>
> >> $cookie = $query->cookie( -secure=> $self->is_secure,
> >>
> >
> >
> > I think this is a bug. Surely is_secure() has to return
> > $dataref->{_SECURE}, instead of $self, for this to work?
> >
> >
> >
> >> -httponly=> $self->is_httponly,
> >>
> >
> >
> > I think this is a bug. Surely is_httponly() has to return
> > $dataref->{_HTTPONLY}, instead of $self, for this to work?
> >
> >
> >
> >> -name=>$self->name,
> >> -value=>$self->id,
> >> -expires=> '-1d', @_
> >> );
> >> }
> >> elsif ( my $t = $self->expire ) {
> >> $cookie = $query->cookie( -secure=> $self->is_secure,
> >> -httponly=> $self->is_httponly,
> >> -name=>$self->name,
> >> -value=>$self->id,
> >> -expires=> '+' . $t . 's', @_
> >> );
> >> }
> >> elsif ( $self->is_httponly ) {
> >> $cookie = $query->cookie( -secure=> $self->is_secure,
> >> -httponly=> $self->is_httponly, -name=>$self->name, -value=>$self->id,
> >> @_ );
> >> }
> >> else {
> >> $cookie = $query->cookie( -name=>$self->name, -value=>$self->id,
> >> @_ );
> >> }
> >> return $cookie;
> >> }
> >>
> >> Miguel
> >>
> >> ---------------------------------
> >> Carbone Miguel
> >> Proyecto KOHA
> >> LINTI - Facultad de Informática
> >> Universidad Nacional de La Plata
> >> http://koha.linti.unlp.edu.ar/
> >>
> >>
> >> Mark Stosberg <ma...@su...> escribió:
> >>
> >>
> >>>> Is there a way to do this without modifying the method? This could bring
> >>>> problems when updating the CGI::Session version.
> >>>>
> >>>> elsif ( $self->is_httponly ) {
> >>>> $cookie = $query->cookie( -httponly=> 1, -name=>$self->name,
> >>>> -value=>$self->id, @_ );
> >>>>
> >>> Where does the "is_httponly" method come from?
> >>>
> >>> Can't you just do this?
> >>>
> >>> $session->cookie( -httponly => 1 )
> >>>
> >>> The cookie() method appears to be made to pass through any arguments
> >>> it does not recognize.
> >>>
> >>> Future questions should be directed to the CGI::Session users list,
> >>> not the maintainers directly.
> >>>
> >>> Mark
> >>>
> >>>
> >>>
> >>
> >>
>
--
Ron Savage
ro...@sa...
http://savage.net.au/index.html
|
