Looks like there's change coming soon regarding cookies requiring "SameSite" to be defined, as I get a warning when I inspect (browser developer mode)
Cookie “CGISESSID” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Below is my test attempt to force "samesite" and "secured" values. This test sets the cookie, but my hash inserts do not take according to the browser Cookie manager plugin. Any thoughts on a better work around? Trying to stick with CGI::Session as it's server-side storage, though CGI::Cookie may have to be my next route.
use strict; use CGI ':standard'; use CGI::Carp 'fatalsToBrowser'; use CGI::Session; use Data::Dumper; my $CS=new CGI::Session(); $CS->expire('+1d'); $CS->{_QUERY}->{'.cookies'}->{CGISESSID}->{samesite}='Lax'; $CS->{_QUERY}->{'.cookies'}->{CGISESSID}->{secure}=1; print $CS->header(); print start_html('Test'); print Dumper($CS->{_QUERY}->{'.cookies'}->{CGISESSID}); print end_html;
(Edit: add-on) While testing further and trying CGI::Cookie, I'm still not able to assign "SameSite" values, but I am able to set others (secure, httponly)
my $cookie=CGI::Cookie->new( -name=>$CS->name, -value=>$CS->id, -samesite=>'Lax', # (Lax, Strict, None) tested unsuccessfully -secure=>1, -httponly=>1 ); print header(-cookie=>$cookie);
In reply to CGI::Session Cookies by JayBee
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |