Skip to content


Default cookie to / #444

wants to merge 1 commit into from

5 participants

PerlDancer member

Refactored PR from old @bigpresh branch.
Shouldn't hurt.

PerlDancer member

The alternative is this commit: 01baec5

@xsawyerx, whose do you prefer?

PerlDancer member

What does the RFC specify?

PerlDancer member says:

If the attribute-value is empty or if the first character of the attribute-value is not %x2F ("/"):

Let cookie-path be the default-path. explains how the default-path should be calculated - but it will be based on the URL requested.

For e.g. if the cookie is being set as a result of a request for /foo/bar, the default-path for the cookie would be '/foo/bar- so it would *not* be sent in future requests for e.g./baror/foo/baz` - which is somewhat surprising behaviour for most users.

Defaulting to / makes cookies behave the way I think most people would expect it to behave in the absence of a specified path.

PerlDancer member

I would say that with my vote and @bigpresh one, we could just merge, but I'll be a good boy and wait for @xsawyerx :+1:

PerlDancer member

Since this is not an urgent issue, I'd rather we not rush into it.
I generally believe going by the RFC is best. In case of surprised users, we can point to it and show we're not trying to be clever. If someone is already used to the RFC, we're screwing with them, and that won't be taken fondly.


If I read D1 correctly, it defaults to '/' if not otherwise specified.
@xsawyerx have you had any more thoughts on RFC vs intuitiveness?

PerlDancer member

Will review today. @shumphrey thanks for poking!

PerlDancer member

@xsawyerx, one week, so, poking again :)

@veryrusty veryrusty modified the milestone: 0.13, 0.11
PerlDancer member

Pr #121 changed the default value of Dancer2::Core::Cookie->path to be '/', which makes this Pr unnecessary. Closing :)

@veryrusty veryrusty closed this
@veryrusty veryrusty deleted the pr/default_cookie_path branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Sep 8, 2013
  1. @ambs

    Default cookie to /

    ambs committed
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/Dancer2/Core/
4 lib/Dancer2/Core/
@@ -44,9 +44,9 @@ sub to_header {
my $no_httponly = defined( $self->http_only ) && $self->http_only == 0;
my @headers = $self->name . '=' . $value;
- push @headers, "path=" . $self->path if $self->path;
+ push @headers, "path=" . $self->path || '/';
push @headers, "expires=" . $self->expires if $self->expires;
- push @headers, "domain=" . $self->domain if $self->domain;
+ push @headers, "domain=" . $self->domain if $self->domain;
push @headers, "Secure" if $self->secure;
push @headers, 'HttpOnly' unless $no_httponly;
Something went wrong with that request. Please try again.