Hi,
I’m interfacing with a site that is sending me back a cookie like
the following, in the HTTP ‘set-cookie’ field.
require 'cgi'
raw_cookie =
"ID=867.5309; path=/; domain=site.com, " +
"SESS_mem=deleted; expires=Mon, 24 Jan 2005 19:48:10 GMT; path=/;
domain=.site.com, " +
"SESS_mem=deleted; expires=Mon, 24 Jan 2005 19:48:10 GMT; path=/;
domain=.site.com, " +
"SESS_mem=xyzzy-plugh-plover; path=/; domain=.site.com"
k = CGI::Cookie.parse(raw_cookie)
p k
This program outputs:
{“expires”=>[“Mon, 24 Jan 2005 19:48:10 GMT”],
“domain”=>[“site.com, SESS_mem=deleted”],
“ID”=>[“867.5309”], “path”=>[“/”]}
Is this a reasonable way for this set-cookie data to be parsed? It
seems
that CGI::Cookie.parse() isn’t aware that there are multiple cookies
specified in the data… It’s sort of giving a mixture of fields from
the four separate cookies.
Looking at the RFC, RFC 2965 - HTTP State Management Mechanism (RFC2965)
it seems to me the above raw_cookie data, conforms to the spec:
Informally, the Set-Cookie2 response header comprises the token Set-
Cookie2:, followed by a comma-separated list of one or more cookies.
Each cookie begins with a NAME=VALUE pair, followed by zero or more
semi-colon-separated attribute-value pairs.
Has anyone else run into this? I tried Perl’s CGI cookie parsing and
it returned similarly garbled results for this set-cookie data.
So I’m wondering if it’s really a bug? Or if I’m somehow misusing
CGI::Cookie.parse() , sending it the wrong format data, or whatever.
Thanks,
Regards,
Bill