Cookie support

[essen]

It could be interesting to support cookies. Thinking it should be per connection though, with cookies being forwarded to the owner process so that it can keep them elsewhere if needed.

[marianoguerra]

maybe implemented as I've seen in some other places where you have an instance of a "cookie jar" where you create a new instance, then pass responses (or headers or just the set-cookie headers) and it stores them, then you can ask it to format the Cookie request header for you.

something like:

Jar = cow_cookie_jar:new().
Jar1 = cow_cookie_jar:update(Jar, Response).
Jar2 = cow_cookie_jar:update(Jar1, Response1).
ReqCookieHeader = cow_cookie_har:format(Jar2).

what do you think?

[essen]

I want something per connection. I want 2 concurrent Gun connections to be able to use separate cookies. So Gun will keep track of cookies and send them back automatically.

Gun will also provide an interface to interact with cookies allowing for some kind of "cookie jar" pattern, but that pattern is not what I would like to implement.

Having separate cookies per connection allow having 2 concurrent connections querying a single website's API using different cookie values, which could be different users.

[marianoguerra]

yep, that makes it easier for the library user, I thought you wanted to provide cookie handling logic but leave it to the user to provide the cookies to the request.

[essen]

The only use case I am considering is cookies containing session tokens, and for that use case it's better to automatically handle it. Other use cases are more rare and generally not recommended so it's OK if the user needs to write a little extra code for those.

Thinking about it a bit more I think the user should be able to provide cookies for a request through the normal "cookie" header too, overriding any cookie Gun was already handling.

Anyway I probably will take a look only after I release Gun 1.0.

[essen]

I'll think about a callback interface for implementing cookie jar backends. It should be made to be ready for the current cookie draft at https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html

[essen]

https://docs.oracle.com/javase/7/docs/api/java/net/CookieStore.html is probably a good inspiration.

One important thing we're missing is parsing of the setcookie header and building of the cookie header.

[essen]

This part is basically what I started to implement, but it'll take a while. https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#storage-model

[essen]

A copy of the work done so far is available at https://gist.github.com/essen/5e0908a2ff230ed72ad7124dd3ff554c

I will create a proper branch and PR once it gets further, perhaps once there are some tests. Currently it only compiles.

Tests should probably be based on https://github.com/web-platform-tests/wpt/tree/master/cookies

[essen]

Cookie store is roughly done. GC remains, as well as using it in Gun, and minor details. All Web platform tests pass.

• https://github.com/ninenines/gun/pull/219
• https://github.com/ninenines/cowlib/pull/96

[essen]

I've added the public suffix check that was missing.

[essen]

I've just pushed a WIP commit where Gun is actually using the cookie store, and some of the WPT tests pass (all http-state ones pass for HTTP, most pass for HTTPS, none pass for HTTP/2).

[essen]

The code in https://github.com/ninenines/gun/pull/219 is basically complete. I will merge once the documentation is written.

[essen]

Documentation has been added to https://github.com/ninenines/gun/pull/219 and it will be merged during the week.

[essen]

This has been merged. I will prepare a new pre-release on Wednesday. Closing, thanks!