Subject: | Proposal: extending cookie_secure configuration option |
Date: | Mon, 01 Jun 2009 13:36:29 +0200 |
To: | bug-Catalyst-Plugin-Session-State-Cookie [...] rt.cpan.org |
From: | kmx <kmx [...] volny.cz> |
Hi,
I have a sort of idea to extend cookie_secure option to support these
values:
0 = do not set secure flag
1 = set secure flag (always)
2 = set secure flag only if the request that caused cookie generation
was sent over https
The patch would be something like this:
- $cookie->{secure} = 1 if $cfg->{cookie_secure};
+ my $sec = $cfg->{cookie_secure} || 0;
+ $cookie->{secure} = 1 if (($sec==1) || (($sec==2) && ($c->req->secure)));
To me it would make much sense to have 2 as default.
But I am not sure if you will like the whole idea.
--
kmx