Cookie
view release on metacpan or search on metacpan
HTTP::Request and this will add all relevant cookies in the repository
into the "Cookie" http request header. The object method needs to have
the "header" method in order to get, or set the "Cookie" or "Set-Cookie"
headers and the "uri" method.
As long as the object provided supports the "uri" and "header" method,
you can provide any class of object you want.
Please refer to the rfc6265
<https://datatracker.ietf.org/doc/html/rfc6265> for more information on
the applicable rule when adding cookies to the outgoing request header.
Basically, it will add, for a given domain, first all cookies whose path
is longest and at path equivalent, the cookie creation date is used,
with the earliest first. Cookies who have expired are not sent, and
there can be cookies bearing the same name for the same domain in
different paths.
add_response_header
# Adding cookie to the repository
$jar->add(
name => 'session',
value => 'lang=en-GB',
path => '/',
secure => 1,
same_site => 'Lax',
) || die( $jar->error );
# then placing it onto the response header
$jar->add_response_header;
This is the alter ego to "add_request_header", in that it performs the
equivalent function, but for the server side.
You can optionally provide, as unique argument, an object, such as but
not limited to, HTTP::Response, as long as that class supports the
"header" method
Alternatively, if an Apache object has been set upon object
instantiation or later using the "request" method, then it will be used
to set the outgoing "Set-Cookie" headers (there is one for every cookie
sent).
If no response, nor Apache2 object were set, then this will simply
return a list of "Set-Cookie" in list context, or a string of possibly
multiline "Set-Cookie" headers, or an empty string if there is no cookie
found to be sent.
Be careful not to do the following:
# get cookies sent by the http client
$jar->fetch || die( $jar->error );
# set the response headers with the cookies from our repository
$jar->add_response_header;
Why? Well, because "fetch" retrieves the cookies sent by the http client
and store them into the repository. However, cookies sent by the http
client only contain the cookie name and value, such as:
GET /my/path/ HTTP/1.1
Host: www.example.org
Cookie: session_token=eyJleHAiOjE2MzYwNzEwMzksImFsZyI6IkhTMjU2In0.eyJqdGkiOiJkMDg2Zjk0OS1mYWJmLTRiMzgtOTE1ZC1hMDJkNzM0Y2ZmNzAiLCJmaXJzdF9uYW1lIjoiSm9obiIsImlhdCI6MTYzNTk4NDYzOSwiYXpwIjoiNGQ0YWFiYWQtYmJiMy00ODgwLThlM2ItNTA0OWMwZTczNjBlIiwiaXNz...
As you can see, 3 cookies were sent: "session_token", "csrf_token" and
"site_prefs"
So, when "fetch" creates an object for each one and store them, those
cookies have no "path" value and no other attribute, and when
"add_response_header" is then called, it stringifies the cookies and
create a "Set-Cookie" header for each one, but only with their value and
no other attribute.
The http client, when receiving those cookies will derive the missing
cookie path to be "/my/path", i.e. the current uri path, and will create
a duplicate cookie from the previously stored cookie with the same name
for that host, but that had the path set to "/"
So you can create a repository and use it to store the cookies sent by
the http client using "fetch", but in preparation of the server
response, either use a separate repository with, for example, "my
$jar_out = Cookie::Jar->new" or use "set" which will not add the cookie
to the repository, but rather only set the "Set-Cookie" header for that
cookie.
# Add Set-Cookie header for that cookie, but do not add cookie to repository
$jar->set( $cookie_object );
algo
String. Sets or gets the algorithm to use when loading or saving the
cookie jar.
autosave
Boolean. Sets or gets the boolean value for automatically saving the
cookie jar to the given file specified with "file"
delete
Given a cookie name, an optional host and optional path or a Cookie
object, and this will remove it from the cookie repository.
It returns an array object upon success, or "undef" in perlfunc and sets
an error. Note that the array object may be empty.
However, this will NOT remove it from the web browser by sending a
Set-Cookie header. For that, you might want to look at the "elapse" in
Cookie method.
It returns an array object of cookie objects removed.
my $arr = $jar->delete( 'my-cookie' );
# alternatively
my $arr = $jar->delete( 'my-cookie' => 'www.example.org' );
# or
my $arr = $jar->delete( $my_cookie_object );
printf( "%d cookie(s) removed.\n", $arr->length );
print( "Cookie value removed was: ", $arr->first->value, "\n" );
If you are interested in telling the http client to remove all your
cookies, you can set the "Clear-Site-Data" header:
Clear-Site-Data: "cookies"
You can instruct the http client to remove other data like local
storage:
Clear-Site-Data: "cookies", "cache", "storage", "executionContexts"
duplicate cookies for the same domain and path, only the last one will
be retained.
If the cookie received does not contain any "Domain" specification,
then, in line with rfc6265 specifications, it will take the root of the
current domain as the default domain value. Since finding out what is
the root for a domain name is a non-trivial exercise, this method relies
on Cookie::Domain.
extract_cookies
This is an alias for "extract" for backward compatibility with
HTTP::Cookies
extract_one
This method takes a cookie string, which can be found in the
"Set-Cookie" header, parse it, and returns a Cookie object if
successful, or sets an error and return "undef" or an empty list
depending on the context.
It also takes an hash or hash reference of options.
The following options are supported:
* "host"
If provided, it will be used to find out the host's root domain, and
to set the cookie object "domain" property if none is specified in
the cookie string.
* "path"
If provided, it will be used to set the cookie object "path"
property.
* "port"
If provided, it will be used to set the cookie object "port"
property.
fetch
This method does the equivalent of "extract", but for the server.
It retrieves all possible cookies from the http request received from
the web browser.
It takes an optional hash or hash reference of parameters, such as
"host". If it is not provided, the value set with "host" is used
instead.
If the parameter "request" containing an http request object, such as,
but not limited to HTTP::Request, is provided, it will use it to get the
"Cookie" header value. The object method needs to have the "header"
method in order to get, or set the "Cookie" or "Set-Cookie" headers.
Alternatively, if a value for "request" has been set, it will use it to
get the "Cookie" header value from Apache modperl.
You can also provide the "Cookie" string to parse by providing the
"string" option to this method.
$jar->fetch( string => q{foo=bar; site_prefs=lang%3Den-GB} ) ||
die( $jar->error );
Ultimately, if none of those are available, it will use the environment
variable "HTTP_COOKIE"
If the option "store" is true (by default it is true), this method will
add the fetched cookies to the repository.
It returns an hash reference of cookie key => cookie object
A cookie key is made of the host (possibly empty), the path and the
cookie name separated by ";"
# Cookies added to the repository
$jar->fetch || die( $jar->error );
# Cookies returned, but NOT added to the repository
my $cookies = $jar->fetch || die( $jar->error );
file
Sets or gets the file path to the cookie jar file.
If provided upon instantiation, and if the file exists on the filesystem
and is not empty, "Cookie::Jar" will load all the cookies from it.
If "autosave" is set to a true, "Cookie::Jar" will automatically save
all cookies to the specified cookie jar file, possibly encrypting it if
"algo" and "secret" are set.
get
Given a cookie name, an optional host and an optional path, this will
retrieve its corresponding cookie object and return it.
If not found, it will try to return a value with just the cookie name.
If nothing is found, this will return and empty list in list context or
"undef" in scalar context.
You can "get" multiple cookie object and this method will return a list
in list context and the first cookie object found in scalar context.
# Wrong, an undefined returned value here only means there is no such cookie
my $c = $jar->get( 'my-cookie' );
die( $jar->error ) if( !defined( $c ) );
# Correct
my $c = $jar->get( 'my-cookie' ) || die( "No cookie my-cookie found\n" );
# Possibly get multiple cookie object for the same name
my @cookies = $jar->get( 'my_same_name' ) || die( "No cookies my_same_name found\n" );
# or
my @cookies = $jar->get( 'my_same_name' => 'www.example.org', '/private' ) || die( "No cookies my_same_name found\n" );
get_by_domain
Provided with a host and an optional hash or hash reference of
parameters, and this returns an array object of cookie objects matching
the domain specified.
If a "sort" parameter has been provided and its value is true, this will
sort the cookies by path alphabetically. If the sort value exists, but
is false, this will sort the cookies by path but in a reverse
alphabetical order.
value => $secret_value,
path => '/',
secure => 1,
http_only => 1,
same_site => 'Lax',
key => Bytes::Random::Secure::random_bytes(32),
algo => $algo,
encrypt => 1,
}) || die( $jar->error );
merge
Provided with another Cookie::Jar object, or at least an object that
supports the "do" method, which takes an anonymous code as argument, and
that calls that code passing it each cookie object found in the
alternate repository, and this method will add all those cookies in the
alternate repository into the current repository.
$jar->merge( $other_jar ) || die( $jar->error );
If the cookie objects passed to the anonymous code in this method, are
not Cookie object, then at least they must support the methods "name",
"value", "domain", "path", "port", "secure", "max_age", "secure",
"same_site" and , "http_only"
This method also takes an hash or hash reference of options:
* "die" boolean
If true, the anonymous code passed to the "do" method called, will
die upon error. Default to false.
By default, if an error occurs, "undef" is returned and the error is
set.
* "overwrite" boolean
If true, when an existing cookie is found it will be overwritten by
the new one. Default to false.
use Nice::Try;
try
{
$jar->merge( $other_jar, die => 1, overwrite => 1 );
}
catch( $e )
{
die( "Failed to merge cookies repository: $e\n" );
}
Upon success this will return the current object, and if there was an
error, this returns "undef" in perlfunc and sets an error
parse
This method is used by "fetch" to parse cookies sent by http client.
Parsing is much simpler than for http client receiving cookies from
server.
It takes the raw "Cookie" string sent by the http client, and returns an
hash reference (possibly empty) of cookie name to cookie value pairs.
my $cookies = $jar->parse( 'foo=bar; site_prefs=lang%3Den-GB' );
# You can safely do as well:
my $cookies = $jar->parse( '' );
purge
Thise takes no argument and will remove from the repository all cookies
that have expired. A cookie that has expired is a Cookie that has its
"expires" property set and whose value is in the past.
This returns an array object of all the cookies thus removed.
my $all = $jar->purge;
printf( "Cookie(s) removed were: %s\n", $all->map(sub{ $_->name })->join( ',' ) );
# or
printf( "%d cookie(s) removed from our repository.\n", $jar->purge->length );
replace
Provided with a Cookie object, and an optional other Cookie object, and
this method will replace the former cookie provided in the second
parameter with the new one provided in the first parameter.
If only one parameter is provided, the cookies to be replaced will be
derived from the replacement cookie's properties, namely: "name",
"domain" and "path"
It returns an array object of cookie objects replaced upon success, or
"undef" and set an error upon error.
repo
Set or get the array object used as the cookie jar repository.
printf( "%d cookies found\n", $jar->repo->length );
request
Set or get the Apache2::RequestRec object. This object is used to set
the "Set-Cookie" header within modperl.
save
$jar->save( '/home/joe/cookies.json' ) ||
die( "Failed to save cookies: ", $jar->error );
# or saving the cookies file encrypted
$jar->save( '/home/joe/cookies_encrypted.json',
{
encrypt => 1,
key => $key,
iv => $iv,
algo => 'AES',
}) || die( $jar->error );
Provided with a file, and an hash or hash reference of options, and this
will save the repository of cookies as json data.
The hash saved to file contains 2 top properties: "updated_on"
containing the last update date and "cookies" containing an hash of
cookie name to cookie properties pairs.
It returns the current object. If an error occurred, it will return
"undef" and set an error
Supported options are:
( run in 0.739 second using v1.01-cache-2.11-cpan-0bb4e1dffa6 )