HTTP::Cookies could maintain consistency in domain name handling while writing vs reading in/from cookie jar #68
Comments
jebas476
changed the title
This part is definitely a bug, because domain names are case-insensitive. |
|
The |
|
I think we should fix this. Is anyone motivated to put a pull request together? |
|
Another gotcha in terms of consistency in "add_cookie_header" is that it changes the domain to "$domain.local" unless the domain includes a ".". If you're using "localhost" or some other locally defined domain, this creates an incorrect cookie. Worked around it by using "127.0.0.1" instead of "localhost" but then tracked down the bug... |
Of course, at this point, people might be banking on that behaviour so not so easy to change the following line... $domain = "$domain.local" unless $domain =~ /./; |
set_cookie() uses the $domain value as it is without changing the casing. But add_cookie_header() calculates the $domain value via _host() which is always lowercase. This creates challenge when we work with case sensitive domain/urls with HTTP::Cookies.
We(@WahidAbdullahK) had a scenario where we had a case sensitive base url (e.g https://sYknjFe.xyz.com) and we had to create a request to a url (e.g https://sYknjFe.xyz.com/data) via LWP::UserAgent with some cookies. So when creating the cookie jar using HTTP::Cookies we just passed the domain name that we got out of base url which is
sYknjFe.xyz.comand set_cookie() added as it is and the created cookie jar is then passed to LWP::UserAgent object for raising a http request. While raising the http request with the url valuehttps://sYknjFe.xyz.com/dataadd_cookie_header() of HTTP::Cookies got invoked but now it was looking for the lower cased domain(from _host()) in cookie jar i.esyknjfe.xyz.comand because of case difference it doesn't find it and end up in not adding any of the cookies in the http header. Though I could see some references in the web that urls & cookie domain paths can be case sensitive, and with that it seems _host() could create case sensitive domain return value , but I am not really sure of the best course of action here. But in general HTTP::Cookies could maintain consistency in terms of writing and reading domain name.The text was updated successfully, but these errors were encountered: