It looks like everyone has tried to fix the cookies lately, and no-one managed
to get it 100% correctly.
The current implementation doesn't set the path correctly, and you can't use
@cookies in a #service-overload.
Qwzybug's patch fixed only the sessions.
Jenna's patch won't allow to set complex cookies (@cookies.key = {:path =>
"/path", :value => "value", :expires => Time.now + 900}) and won't work
properly when you use #method_missing (which allows you to do
Blog.get(:Controller)).
So I took Bluebie's code and rewrote it a bit. I moved some logic (which
currently is in #service) from #call to Base#to_a. So even if you're not using
Rack, you need to call #to_a in order to clean things up.
The code is available in the proper_cookie-branch:
http://github.com/judofyr/camping/commits/proper_cookies
I've tested it with Firefox + LiveHTTPHeaders and it seems to work fine. If
anyone spots a bug, please comment on a commit (or scream out on IRC)!
Oh, and _why has to decide if we should make the session-system completely
XSS-proof, or be a little more relaxed. It doesn't have to be XSS-proof as
long as you keep the cookies secret (aka, escapes all Javascript).
--
Magnus Holm
_______________________________________________
Camping-list mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/camping-list
