[racket] net/cookie update

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Sun Feb 8 09:07:09 EST 2015

On Sat, Feb 7, 2015 at 2:18 PM, Jordan Johnson <jmj at fellowhuman.com> wrote:

> Hi all,
>
> In writing some cookie-handling code I noticed that
> 1) the Racket net/cookie library is based on RFC 2109, obsoleted by two
> new cookie RFCs since then (the current being 6265)
> 2) the net/cookie library’s imperative interface feels very un-Rackety
>

I very much agree.


>
> I initially just wanted to be able to use the HttpOnly flag, and later got
> to thinking it’d be more Rackety to have a cookie constructor based on
> keyword args, like (using provide/contract syntax):
> [make-cookie (->* (cookie-name? cookie-value?)
>                           (#:expires (or/c date? #f)
>                            #:max-age (or/c (and/c integer? positive?) #f)
>                            #:domain (or/c valid-domain? #f)
>                            #:path (or/c path/extension-value? #f)
>                            #:secure? boolean?
>                            #:http-only? boolean?
>                            #:extension (or/c path/extension-value? #f))
>                           cookie?)]
> where cookie-name?, cookie-value?, and path/extension-value? are written
> as per RFC 6265.
>

Yes, I think that would be the best.


>
> So I’ve done some work and would like to eventually volunteer an updated
> cookie lib that complies with the newer RFC. Thing is, it’s going to be
> backward-incompatible in some small ways, since RFC 6265 disallows some
> things (like double-quotes as non-start/end chars of a cookie value) that
> net/cookie permits.
>
> My question is, which approach would the Racket maintainers prefer:
>
>    1. add a new constructor, like the above, that does RFC6265 checking
>    and leave all of net/cookie’s machinery otherwise untouched
>    2. do the above and also add RFC 6265 checks to the relevant
>    cookie:... functions in the library (which involves rewriting the tests and
>    may break some old apps that use it)
>    3. replace the old net/cookie interface altogether
>    4. add a differently-named library to net/ (and mark the old one as
>    deprecated?)
>    5. add a library somewhere else (e.g., somewhere in web-server/)
>    6. just write a separate cookie package that can be made available via
>    pkg.racket-lang.org (I noticed an undocumented attempt at this at
>    https://github.com/Kalimehtar/client-cookies)
>    7. or something else?
>

I prefer a combination of 3, 4 and 6. You should stake out a new name like
net/cookies or net/rfc6265 or something. Make a package that provides that
and send a pull request that changes the net/cookie docs to mark it as
deprecated.

Thanks so much!

Jay

-- 
Jay McCarthy
http://jeapostrophe.github.io

           "Wherefore, be not weary in well-doing,
      for ye are laying the foundation of a great work.
And out of small things proceedeth that which is great."
                          - D&C 64:33

Posted on the users mailing list.
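
The predicates named in the proposed contract, written out from the RFC 6265 grammar as an added example (not code from this thread, from net/cookie, or from any published package). `set-cookie-header` is a hypothetical helper that covers only `#:path`, `#:secure?` and `#:http-only?`; the sample values are constructed.

```racket
#lang racket/base
;; Added example: RFC 6265 checks behind the proposed keyword constructor.
(require racket/contract)

;; cookie-name is an RFC 2616 token: 1+ visible ASCII chars, no separators.
(define separators (string->list "()<>@,;:\\\"/[]?={}"))
(define (cookie-name? s)
  (and (string? s) (positive? (string-length s))
       (for/and ([c (in-string s)])
         (and (char<=? #\! c #\~) (not (memv c separators))))))

;; cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
;; (no CTLs, whitespace, DQUOTE, comma, semicolon or backslash).
(define (cookie-octet? c)
  (define n (char->integer c))
  (or (= n #x21) (<= #x23 n #x2B) (<= #x2D n #x3A)
      (<= #x3C n #x5B) (<= #x5D n #x7E)))

;; cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
;; A DQUOTE is accepted only as a matching first/last pair.
(define (cookie-value? s)
  (and (string? s)
       (let* ([n (string-length s)]
              [quoted? (and (>= n 2)
                            (char=? (string-ref s 0) #\")
                            (char=? (string-ref s (sub1 n)) #\"))]
              [body (if quoted? (substring s 1 (sub1 n)) s)])
         (for/and ([c (in-string body)]) (cookie-octet? c)))))

;; path-value and extension-av: any ASCII char except CTLs and ";".
(define (path/extension-value? s)
  (and (string? s)
       (for/and ([c (in-string s)])
         (and (char<=? #\space c #\~) (not (char=? c #\;))))))

;; Hypothetical helper: the contract rejects bad input before any
;; header text is built.
(define/contract (set-cookie-header name value #:path [path #f]
                                    #:secure? [secure? #f]
                                    #:http-only? [http-only? #f])
  (->* (cookie-name? cookie-value?)
       (#:path (or/c path/extension-value? #f)
        #:secure? boolean? #:http-only? boolean?)
       string?)
  (string-append name "=" value
                 (if path (string-append "; Path=" path) "")
                 (if secure? "; Secure" "")
                 (if http-only? "; HttpOnly" "")))
```

Calling `(cookie-value? "abc\"123")` exercises the interior double-quote case the message describes as permitted by net/cookie but disallowed by RFC 6265.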