[Seaside-dev] semantics of WACookie >> #path
Philippe Marschall
philippe.marschall at gmail.com
Sat Mar 30 17:21:21 UTC 2013
Hi
I'm currently looking into issue 749 [1] which turned out to be an
interesting encoding issue. While going through all the senders of
#pathString I noted that the current semantics of WACookie >> #path(:)
aren't really well defined.
Looking at the code they currently seem to be:
* unescaped when setting a cookie on the server
* the http header value (likely escaped) when sent from the client to
the server
This isn't as bad as it sounds since Opera was the only sane
implementation that would send the path back to the server (so that
the server can delete a cookie) and they're dumping their code base
for Chrome (or Chromium). But it's still an issue when we want to
support session cookies for non-ASCII paths. So the question is should
the path be escaped or not?
Traditionally we try to offer high level objects to the user that are
directly useful without having to do some parsing or decoding first.
However a string isn't actually that high level, a
SequenceableCollection would be.
As far as I can see our options are:
* make it an unescaped string
* make it an escaped string
* make in an escaped SequenceableCollection
Also, do we do the same on 3.0 and 3.1?
[1] http://code.google.com/p/seaside/issues/detail?id=749
Cheers
Philippe
More information about the seaside-dev
mailing list