On Jan 23, 2008, at 5:45 AM, Octavian Rasnita wrote:
> Hi,
> I've seen that if I skip setting the cookie_domain for the session
> in MyApp.pm, the authentication works for all the domain names, but
> only if I use Internet Explorer.
> Firefox doesn't like the cookies without a domain set so the
> authentication doesn't work at all with this browser.
This is simply not true; Firefox deals with cookies without a domain
just fine.
From RFC2109 (HTTP State Management Mechanism)
    Domain=domain
        Optional. The Domain attribute specifies the domain for which the
        cookie is valid. An explicitly specified domain must always start
        with a dot.
Note the 'Optional', the spec does not require the cookie to specify a
domain.
    4.3 User Agent Role
    4.3.1 Interpreting Set-Cookie
    The user agent keeps separate track of state information that arrives
    via Set-Cookie response headers from each origin server (as
    distinguished by name or IP address and port). The user agent
    applies these defaults for optional attributes that are missing:
    ...
    Domain  Defaults to the request-host. (Note that there is no dot at
            the beginning of request-host.)
From the terminology section:
    The terms request-host and request-URI refer to the values the client
    would send to the server as, respectively, the host (but not port)
    and abs_path portions of the absoluteURI (http_URL) of the HTTP
    request line. Note that request-host must be a FQHN.
So the behavior you are requesting is already what the RFC requires
the browser to do with a cookie that does not have a domain specified,
and this RFC is over 10 years old.
> So the best solution is to use in Root.pm:
> $c->config->{session}->{cookie_domain} = $c->req->hostname;
> It could be helpful if this could be done automatically if there is no
> cookie_domain set for the session, instead of not sending any domain.
> Octavian
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
--
Jason Kohles, RHCA RHCDS RHCE
[EMAIL PROTECTED] - http://www.jasonkohles.com/
"A witty saying proves nothing." -- Voltaire
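
As an added illustration (not code from this thread or from Catalyst), the RFC 2109 rules quoted above can be modelled in JavaScript: a cookie set without a Domain attribute is bound to the exact request-host, while an explicit dotted Domain also covers sibling hosts. The function names and the example.com hostnames are constructed for the example, and the parsing is simplified.

```javascript
// Added example: RFC 2109 Domain defaulting and domain-match (simplified).
// Function names and hostnames are assumptions made for illustration.

// RFC 2109 section 2: A domain-matches B if the strings are identical, or
// if B starts with a dot and A is a non-empty name followed by B.
function domainMatch(host, domain) {
  const a = host.toLowerCase();
  const b = domain.toLowerCase();
  if (a === b) return true;
  return b.startsWith(".") && a.length > b.length && a.endsWith(b);
}

// Sections 4.3.1 and 4.3.2: apply the default for a missing Domain, and
// reject an explicit Domain the request-host is not allowed to set.
// Returns the stored cookie, or null when the cookie is rejected.
function storeCookie(requestHost, setCookie) {
  const host = requestHost.toLowerCase();
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1) };

  const domAttr = attrs.find((a) => /^domain=/i.test(a));
  if (!domAttr) {
    // Domain defaults to the request-host, with no leading dot.
    return { ...cookie, domain: host, explicit: false };
  }
  const domain = domAttr.slice("domain=".length).replace(/^"|"$/g, "").toLowerCase();
  // An explicit Domain must start with a dot and contain an embedded dot.
  if (!/^\.[^.]+(\.[^.]+)+$/.test(domain)) return null;
  // The request-host must domain-match the Domain attribute.
  if (!domainMatch(host, domain)) return null;
  // With request-host = H + Domain, H must not contain a dot.
  const h = host.slice(0, host.length - domain.length);
  if (h.includes(".")) return null;
  return { ...cookie, domain, explicit: true };
}

// A stored cookie is returned only to hosts that domain-match its Domain.
function shouldSend(cookie, requestHost) {
  return cookie !== null && domainMatch(requestHost, cookie.domain);
}
```

Under these rules the cookie without a Domain has the narrower scope, since it is returned only to the host that set it.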