Open Spixmaster opened 3 months ago
@Spixmaster, what issue in particular do you have with Poco's handling of HTTP cookies?
Hello @matejk,
I have had this source code:
```cpp
Poco::Net::HTTPCookie cookie = Poco::Net::HTTPCookie(
    Poco::Net::HTTPCookie::escape(constant::http_cookie::session::name),
    Poco::Net::HTTPCookie::escape(boost::uuids::to_string(uuid)));
cookie.setComment(Poco::Net::HTTPCookie::escape(message::http_cookie_comment::session));
cookie.setHttpOnly(true);
cookie.setMaxAge(constant::http_cookie::session::max_age);
cookie.setPath("/");
cookie.setSameSite(Poco::Net::HTTPCookie::SameSite::SAME_SITE_STRICT);
cookie.setSecure(true);
cookie.setVersion(1);
response.set_header("Set-Cookie", cookie.toString());
```
It compiles and is fine. However, it was not properly recognised by my browser, Brave Browser. The path was incorrectly `/user` from where the HTML form was sent and the duration was also not set properly. It was a session cookie. The issue was fixed by `cookie.setVersion(0);`. The Netscape draft is probably more compatible.
As I mentioned in the first text, there are several updated specifications which should be programmed long-term.
The currently available versions for the HTTP Cookie are the original Netscape draft and RFC2109; both are obsoleted. The new specification RFC2965 is also obsoleted by RFC6265, which is the newest one.
I experience issues with the RFC2109 HTTP cookie in the Brave Browser while the Netscape HTTP Cookie works. However, the new specification should be followed long-term.
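The symptoms reported above (path falling back to `/user`, cookie kept only for the session) can be reproduced by applying the RFC 6265 section 5.2 attribute rules to a header whose attribute values are quoted. This is an added example, not code from Poco or from the posts in this thread; the quoted header is a constructed sample that assumes a Version 1 serializer quoting attribute values as RFC 2109 permits, and `/user/login` is a hypothetical request path.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>

struct ParsedCookie { std::string path; bool hasMaxAge; long maxAge; };  // hasMaxAge false => session cookie
static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t");
    return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(" \t") - b + 1);
}

// RFC 6265 section 5.1.4: default-path derived from the request path.
static std::string defaultPath(const std::string& requestPath) {
    if (requestPath.empty() || requestPath[0] != '/') return "/";
    const auto lastSlash = requestPath.rfind('/');
    return lastSlash == 0 ? "/" : requestPath.substr(0, lastSlash);
}

// Section 5.2.2: optional '-' followed by digits only; length capped so stol cannot overflow.
static bool isInteger(const std::string& v) {
    const std::size_t start = (!v.empty() && v[0] == '-') ? 1 : 0;
    return v.size() > start && v.size() <= 18 &&
           std::all_of(v.begin() + start, v.end(), [](unsigned char ch) { return std::isdigit(ch) != 0; });
}

ParsedCookie parseSetCookie(const std::string& header, const std::string& requestPath) {
    ParsedCookie c{defaultPath(requestPath), false, 0};
    std::istringstream in(header);
    std::string part;
    std::getline(in, part, ';');  // name=value pair, not needed here
    while (std::getline(in, part, ';')) {
        const auto eq = part.find('=');
        std::string name = trim(part.substr(0, eq));
        const std::string value = eq == std::string::npos ? "" : trim(part.substr(eq + 1));
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char ch) { return static_cast<char>(std::tolower(ch)); });
        if (name == "path" && !value.empty() && value[0] == '/') {
            c.path = value;  // 5.2.4: any other value leaves the default-path
        } else if (name == "max-age" && isInteger(value)) {
            c.hasMaxAge = true;  // 5.2.2: a non-numeric value is ignored
            c.maxAge = std::stol(value);
        }
    }
    return c;
}

// Constructed sample headers (not captured traffic): quoted RFC 2109 style vs. unquoted.
const std::string kQuoted = "sid=\"abc\"; Path=\"/\"; Max-Age=\"3600\"; Secure; HttpOnly; Version=\"1\"";
const std::string kPlain = "sid=abc; Path=/; Max-Age=3600; Secure; HttpOnly";
```

With the quoted header the `Path` value starts with `"` rather than `/` and `Max-Age` is not numeric, so both attributes are dropped; the unquoted header keeps `Path=/` and the 3600 second lifetime.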