Skip Menu |

This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 62460
Status: new
Priority: 0/
Queue: CGI-Session

People
Owner: Nobody in particular
Requestors: lidl [...] pix.net
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 4.42
Fixed in: (no value)



Subject: cgi::session overwrites content-encoding when setting cookie
I'm using CGI::Session to manage state for various sessions between user agents and backend servers. The user agents are created by are doing JavaScript script injection from another server, and doing cross-domain json-p requests to my code. In a nutshell, that means that my code won't get cookies on any inbound requests, and any set-cookie headers that my code sends won't be honored, since this is all cross-domain traffic. Anyway -- short of subclassing the entire CGI::Session to defeat the cookie() method and the http_header() methods, there isn't a way to not send the setcookie header. That limitation doesn't really concern me, since the header will just be ignored, but the resetting of the content-type in the http_header method is a real issue for my code. The default code is: sub http_header { my $self = shift; return $self->query->header(-cookie=>$self->cookie, -type=>'text/html', @_); } It would be nice if the code didn't just whack out it's idea of a type header, overwriting whatever was there before. Or at least it would be nice to have an option not to set the content-encoding. I don't believe there is a requirement that the document type be text/html to be able to set a cookie. (I didn't see anything in a quick reading of RFC2109, at any rate.) Thanks for your attention. Relevant information: CGI::Session v 4.42 perl -v: This is perl 5, version 12, subversion 1 (v5.12.1) built for i86pc-solaris-64int uname -a: SunOS dev01.cello.com 5.11 snv_130 i86pc i386 i86pc