| Subject: | cgi::session overwrites content-encoding when setting cookie |
I'm using CGI::Session to manage state for various sessions between
user agents and backend servers. The user agents are created by
are doing JavaScript script injection from another server, and doing
cross-domain json-p requests to my code.
In a nutshell, that means that my code won't get cookies on any
inbound requests, and any set-cookie headers that my code sends
won't be honored, since this is all cross-domain traffic.
Anyway -- short of subclassing the entire CGI::Session to defeat the
cookie() method and the http_header() methods, there isn't a way
to not send the setcookie header.
That limitation doesn't really concern me, since the header will
just be ignored, but the resetting of the content-type in the
http_header method is a real issue for my code.
The default code is:
sub http_header {
my $self = shift;
return $self->query->header(-cookie=>$self->cookie,
-type=>'text/html', @_);
}
It would be nice if the code didn't just whack out it's idea of a
type header, overwriting whatever was there before. Or at least
it would be nice to have an option not to set the content-encoding.
I don't believe there is a requirement that the document type
be text/html to be able to set a cookie. (I didn't see anything
in a quick reading of RFC2109, at any rate.)
Thanks for your attention.
Relevant information:
CGI::Session v 4.42
perl -v:
This is perl 5, version 12, subversion 1 (v5.12.1) built for
i86pc-solaris-64int
uname -a:
SunOS dev01.cello.com 5.11 snv_130 i86pc i386 i86pc