Mailing List Archive

Cookies placed in $c->response->cookies only get sent with name and value,
no path or expiration.

The problem is in Apache.pm's sub finalize_headers:

while ( my ( $name, $cookie ) = each %{ $c->response->cookies } ) {
my %cookie = ( -name => $name, -value => $cookie->{value} );
$cookie->{-expires} = $cookie->{expires} if $cookie->{expires};
$cookie->{-domain} = $cookie->{domain} if $cookie->{domain};
$cookie->{-path} = $cookie->{path} if $cookie->{path};
$cookie->{-secure} = $cookie->{secure} if $cookie->{secure};
my $cookie = Apache::Cookie->new( $c->original_request, %cookie );
..etc

The -expires, -path, etc, are only being set on the $cookie hashref, not on
the %cookie hash that is being sent to the Apache::Cookie constructor.

Should be:

while ( my ( $name, $cookie ) = each %{ $c->response->cookies } ) {
my %cookie = ( -name => $name, -value => $cookie->{value} );
$cookie{-expires} = $cookie->{expires} if $cookie->{expires};
$cookie{-domain} = $cookie->{domain} if $cookie->{domain};
$cookie{-path} = $cookie->{path} if $cookie->{path};
$cookie{-secure} = $cookie->{secure} if $cookie->{secure};
my $cookie = Apache::Cookie->new( $c->original_request, %cookie );
..etc