Re: MP2 easy cookie interface available
Sounds great, it'd be a nice addition to Apache2::Cookie. Getting the
secret through to freeze and thaw is the tricky bit - I guess it could
just be supplied to fetch() and new().
There are a couple of extras that I'm adding:
- a delete method which deletes the cookie by name (ie. you don't have
to create an object)
- an expiry time validator - if you absolutely need cookies to expire on
time, store the expiry time in the validated cookie and check it,
instead of relying on the user to expire it.
I really wanted a module called Cookie::Factory though.. the pod could
be so amazingly funny.
Hehe! Perl is punny sometimes... the other day I wrote "sub merge {"...
...back to the code for me, I've started using Set-Cookie2 and firefox
is ignoring them :(
John
Re: MP2 easy cookie interface available
Having it validate the cookie based on a hash on data+ server secret is a great addition. I've been doing that already on a custom abstraction class for Apache::Cookie as well -- i needed to build something that would switch the cookie baking code to either use headers_out or bake on the fly, to get around a since fixed bug. Anyways, since i know many people who have subclassed or manipulated cookies to act like that, Maybe instead of your module being cpanned as a standalone, it could be incorporated into the main Apache2::Cookie ? ie: patch Apache2::Cookie to add a 'validation_require' flag, a 'validation_serversecret' string for hashing/matching, and have fetch return an error if validation is required but the hash doesn't match. I guess i should talk about that on the libapreq list though - there might be large opposition to it there and any patching i do will be hours of wasted time. For the past few months, I've been thinking about making a CookieFactory module that is kind of like the BBC's anytemplate -- just a simple abstraction class with simple configuration that can get/send via Apache::Cookie ( or another backend like cgi) , include the server-secret hack, but let it be a little easier for configuration (ie, i hate putting stuff in httpd.conf - i like to consolidate as much of my configuration in startup.pl or in the main handler.) if the main apache::cookie handled this, then i could just forget about my stupid idea and never think of it again. I really wanted a module called Cookie::Factory though.. the pod could be so amazingly funny.
Re: MP2 easy cookie interface available
Thanks for the feedback Philip. I believe it does subclass APR::Request::Cookie but I just left in all the 'use' statements from Apache2::Cookie. I figured the APR:: namespace would be the wrong place for it too. It need to override so many methods because they need to get the RequestRec object so the get_secret method can read the secret from dir_config - I couldn't think of an easier way but it does seem a bit much. cheers John Philip M. Gollucci wrote: Fowarding to apreq-dev (at) apache.org Did you really need to override all those methods? Granted I haven't looked at it that closely. The bigest thing I would say is you should subclass perhaps APR::Request::Cookie instead as that is the API we recommend these days. John ORourke wrote: http://www.versatilia.com/downloads/Validated.pm
Re: MP2 easy cookie interface available
Fowarding to apreq-dev (at) apache.org Did you really need to override all those methods? Granted I haven't looked at it that closely. The bigest thing I would say is you should subclass perhaps APR::Request::Cookie instead as that is the API we recommend these days. John ORourke wrote: Hi folks, I found the available cookie methods a bit tricky to use (I think the blessed scalars or overloading were confusing me!), so I wrote a simple cookie interface to use in place of Apache2::Cookie. Most of the code is copied from that. I haven't got time to CPAN-ify it at the mo, but there is some POD at the bottom and there are no licence conditions attached - I guess it should inherit the Apache2::Cookie license? Its main feature is automatic use of MD5 hashes to protect the cookie from being modified by the user, so you can store things in it safely. Grab it here: http://www.versatilia.com/downloads/Validated.pm and install it as Apache2/Cookie/Validated.pm somewhere in @INC. cheers John -- END What doesn't kill us can only make us stronger. Nothing is impossible. Philip M. Gollucci ([EMAIL PROTECTED]) 301.254.5198 Consultant / http://p6m7g8.net/Resume/ Senior Developer / Liquidity Services, Inc. http://www.liquidityservicesinc.com http://www.liquidation.com http://www.uksurplus.com http://www.govliquidation.com http://www.gowholesale.com
MP2 easy cookie interface available
Hi folks, I found the available cookie methods a bit tricky to use (I think the blessed scalars or overloading were confusing me!), so I wrote a simple cookie interface to use in place of Apache2::Cookie. Most of the code is copied from that. I haven't got time to CPAN-ify it at the mo, but there is some POD at the bottom and there are no licence conditions attached - I guess it should inherit the Apache2::Cookie license? Its main feature is automatic use of MD5 hashes to protect the cookie from being modified by the user, so you can store things in it safely. Grab it here: http://www.versatilia.com/downloads/Validated.pm and install it as Apache2/Cookie/Validated.pm somewhere in @INC. cheers John
