Having it validate the cookie based on a hash on data + server secret is a great addition.

I've been doing that already on a custom abstraction class for Apache::Cookie as well -- I needed to build something that would switch the cookie baking code to either use headers_out or bake on the fly, to get around a since-fixed bug.

Anyways, since I know many people who have subclassed or manipulated cookies to act like that, maybe instead of your module being cpanned as a standalone, it could be incorporated into the main Apache2::Cookie?

i.e.: patch Apache2::Cookie to add a 'validation_require' flag, a 'validation_serversecret' string for hashing/matching, and have fetch return an error if validation is required but the hash doesn't match.

I guess I should talk about that on the libapreq list though - there might be large opposition to it there and any patching I do will be hours of wasted time.

For the past few months, I've been thinking about making a CookieFactory module that is kind of like the BBC's anytemplate -- just a simple abstraction class with simple configuration that can get/send via Apache::Cookie (or another backend like CGI), include the server-secret hack, but let it be a little easier for configuration (i.e., I hate putting stuff in httpd.conf - I like to consolidate as much of my configuration in startup.pl or in the main handler). If the main Apache::Cookie handled this, then I could just forget about my stupid idea and never think of it again.

I really wanted a module called Cookie::Factory though... the POD could be so amazingly funny.
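
The server-secret check discussed in this message, as an added example that is not part of the original post and not Apache2::Cookie code. It uses HMAC-SHA256 from Digest::SHA rather than a plain hash of data plus secret; the function names, cookie name, cookie value and secret are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: constructed placeholder. A real secret is long, random and
# loaded from configuration (e.g. startup.pl), never hard-coded.
my $SERVER_SECRET = 'constructed-example-secret';

# Tag covers "name=value", so a signed value cannot be moved to another cookie.
sub sign_cookie_value {
    my ($name, $value, $secret) = @_;
    return $value . '.' . hmac_sha256_hex("$name=$value", $secret);
}

# Compare every byte so timing does not reveal where the first mismatch is.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the original value when the tag matches, undef otherwise
# (missing tag, malformed tag, altered value, or wrong cookie name).
sub verify_cookie_value {
    my ($name, $signed, $secret) = @_;
    return unless defined $signed;
    my ($value, $tag) = $signed =~ /\A(.*)\.([0-9a-f]{64})\z/s or return;
    my $expected = hmac_sha256_hex("$name=$value", $secret);
    return constant_time_eq($tag, $expected) ? $value : undef;
}

# Constructed sample inputs: a valid cookie, an edited one, an unsigned one.
my $cookie = sign_cookie_value('session', 'user=42', $SERVER_SECRET);
(my $edited = $cookie) =~ s/user=42/user=1/;

for my $case (['session', $cookie], ['session', $edited],
              ['session', 'user=42'], ['prefs', $cookie]) {
    my ($name, $candidate) = @$case;
    my $value = verify_cookie_value($name, $candidate, $SERVER_SECRET);
    printf "%-8s %-8s %s\n", $name,
        defined $value ? 'accepted' : 'rejected', $candidate;
}
```

The tag only proves the value was issued by a holder of the secret; it does not hide the value or limit how long it stays valid, so an expiry field belongs inside the signed data.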
