Respect response's Set-Cookie header on HTTP::Response#next-request #156

astj · 2016-11-06T14:26:05Z

Currently, HTTP::Response#next-request doesn't care about Set-Cookie header of the response (understand just Location header).
So, If someone wants to request with some received Cookie (like session Cookie), one has to set Cookie manually like following:

    my $next-req = $res.next-request;
    my $cookies = HTTP::Cookies.new;
    $cookies.extract-cookies($res);
    $next-req.add-cookies($cookies);

I think it's useful if HTTP::Response#next-request understands response's Set-Cookie header and automatically set Cookies to the next request.

The text was updated successfully, but these errors were encountered:

jonathanstowe · 2016-11-06T15:13:41Z

Yep, that's almost certainly right, I'll see if I can do that this afternoon without breaking anything.

jonathanstowe · 2016-11-06T15:48:46Z

Hmm this would be fine, if the domain check was implemented properly on the add-cookies :(

I'm going to put another issue in to fix that first, before doing this, as I'd rather not be making things actually more insecure than they are.

jonathanstowe self-assigned this Nov 6, 2016

jonathanstowe added the enhancement label Nov 6, 2016

jonathanstowe mentioned this issue Nov 6, 2016

Implement domain check on cookies #157

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Respect response's Set-Cookie header on HTTP::Response#next-request #156

Respect response's Set-Cookie header on HTTP::Response#next-request #156

astj commented Nov 6, 2016

jonathanstowe commented Nov 6, 2016

jonathanstowe commented Nov 6, 2016

Respect response's Set-Cookie header on HTTP::Response#next-request #156

Respect response's Set-Cookie header on HTTP::Response#next-request #156

Comments

astj commented Nov 6, 2016

jonathanstowe commented Nov 6, 2016

jonathanstowe commented Nov 6, 2016