Closed anranyicheng closed 1 year ago
yes, example:
(ql:quickload :lack-middleware-session)
(ql:quickload :clack)
(defparameter *app*
(lambda (env)
'(200 (:content-type "text/plain") ("Hello, World"))))
(setf *app* (funcall lack.middleware.session:*lack-middleware-session* *app*))
(clack::clackup *app* :server :woo)
(ql:quickload :drakma)
(drakma:http-request "http://127.0.0.1:5000")
get : CL-USER> (drakma:http-request "http://127.0.0.1:5000") "Hello, World" 200 ((:DATE . "Fri, 26 May 2023 08:15:38 GMT") (:CONTENT-TYPE . "text/plain") (:SET-COOKIE . "lack.session=660b44a00864b97c2755c4b40d2edb7747a2e72a; path=/; expires=Tue, 18 Oct 2146 16:29:24 GMT; SameSite=Lax") (:TRANSFER-ENCODING . "chunked"))
T "OK" a cookie name "lack.session", leak server information by default.
Can you explain the issue?