On Tue, Apr 14, 2009 at 7:50 PM, Tomas Doran <bobtf...@bobtfish.net> wrote: > > On 14 Apr 2009, at 10:58, Scott Thomson wrote: >> >> Currently Catalyst::Plugin::Session::State::Cookie doesn't allow >> configuration of the HttpOnly flag, it looks trivial to add, so >> basically I'm wondering whether this idea has been discussed and >> discounted before and if there is any reason why I shouldn't just >> patch it? >> > > No reason I can think of right now. > > Patches with tests always welcome. > > Cheers > t0m
OK - I had a look through the various components to figure out how to do this and it is not as simple as I first thought as Catalyst::Engine uses CGI::Simple::Cookie to create cookies which doesn't support the HttpOnly flag. So I have locally patched CGI::Cookie::Simple, Catalyst::Plugin::Session::State::Cookie and Catalyst::Engine and it all seems to work. So my plan is first to send the patch to the CGI::Simple maintainer and if it looks like it will go in, send the Catalyst patches - with tests! :) - here. Cheers, Scott _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/