Default cookie to / #444

wants to merge 1 commit into from

5 participants


Refactored PR from old @bigpresh branch.
Shouldn't hurt.


The alternative is this commit: 01baec5

@xsawyerx, whose do you prefer?


What does the RFC specify?

Owner says:

If the attribute-value is empty or if the first character of the attribute-value is not %x2F ("/"):

Let cookie-path be the default-path. explains how the default-path should be calculated - but it will be based on the URL requested.

For e.g. if the cookie is being set as a result of a request for `/foo/bar`, the default-path for the cookie would be `/foo/bar` - so it would *not* be sent in future requests for e.g. `/bar` or `/foo/baz` - which is somewhat surprising behaviour for most users.

Defaulting to / makes cookies behave the way I think most people would expect it to behave in the absence of a specified path.
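
The path rules under discussion, as an added example (not code from this PR or from Dancer2): the default-path and path-match algorithms of RFC 6265 section 5.1.4, plus the Path-attribute rule quoted above, applied to a cookie set on a request for /foo/bar. The function names and the sample request paths are constructed for illustration.

```perl
use strict;
use warnings;

# default-path (RFC 6265, 5.1.4): computed by the user agent from the
# path of the request whose response set the cookie.
sub default_path {
    my ($uri_path) = @_;
    $uri_path = '' unless defined $uri_path;
    return '/' unless $uri_path =~ m{^/};           # empty or not rooted
    return '/' if ( $uri_path =~ tr{/}{} ) <= 1;    # at most one "/"
    # Everything up to, but not including, the right-most "/".
    return substr( $uri_path, 0, rindex( $uri_path, '/' ) );
}

# path-match (RFC 6265, 5.1.4): is a cookie scoped to $cookie_path
# sent on a request for $request_path?
sub path_match {
    my ( $cookie_path, $request_path ) = @_;
    return 1 if $cookie_path eq $request_path;
    return 0 unless index( $request_path, $cookie_path ) == 0;
    return 1 if substr( $cookie_path, -1 ) eq '/';
    return substr( $request_path, length $cookie_path, 1 ) eq '/' ? 1 : 0;
}

# Path attribute rule quoted above: an absent or empty value, or one
# not starting with "/", falls back to the default-path.
sub cookie_path {
    my ( $path_attr, $request_path ) = @_;
    return $path_attr if defined $path_attr && $path_attr =~ m{^/};
    return default_path($request_path);
}

# Constructed scenario: the cookie is set on a request for /foo/bar with
# no Path attribute, with an empty one ("path="), and with Path=/.
my $set_on = '/foo/bar';
for my $attr ( undef, '', '/' ) {
    my $scope = cookie_path( $attr, $set_on );
    printf "Path attribute %-9s => cookie-path %s\n",
        defined $attr ? "'$attr'" : '(absent)', $scope;
    for my $req (qw( /foo/bar /foo/baz /foo /bar / )) {
        printf "  %-9s %s\n", $req,
            path_match( $scope, $req ) ? 'sent' : 'not sent';
    }
}
```
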


I would say that with my vote and @bigpresh one, we could just merge, but I'll be a good boy and wait for @xsawyerx :+1:


Since this is not an urgent issue, I'd rather we not rush into it.
I generally believe going by the RFC is best. In case of surprised users, we can point to it and show we're not trying to be clever. If someone is already used to the RFC, we're screwing with them, and that won't be taken fondly.


If I read D1 correctly, it defaults to '/' if not otherwise specified.
@xsawyerx have you had any more thoughts on RFC vs intuitiveness?


Will review today. @shumphrey thanks for poking!


@xsawyerx, one week, so, poking again :)

@veryrusty veryrusty modified the milestone: 0.13, 0.11

PR #121 changed the default value of Dancer2::Core::Cookie->path to be '/', which makes this PR unnecessary. Closing :)

@veryrusty veryrusty closed this
@veryrusty veryrusty deleted the pr/default_cookie_path branch
Commits on Sep 8, 2013
  1. @ambs

    Default cookie to /

    ambs authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/Dancer2/Core/
4 lib/Dancer2/Core/
@@ -44,9 +44,9 @@ sub to_header {
my $no_httponly = defined( $self->http_only ) && $self->http_only == 0;
my @headers = $self->name . '=' . $value;
- push @headers, "path=" . $self->path if $self->path;
+ push @headers, "path=" . $self->path || '/';
push @headers, "expires=" . $self->expires if $self->expires;
- push @headers, "domain=" . $self->domain if $self->domain;
+ push @headers, "domain=" . $self->domain if $self->domain;
push @headers, "Secure" if $self->secure;
push @headers, 'HttpOnly' unless $no_httponly;
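
Review bot: The `|| '/'` fallback on the new path line can never apply, because `.` binds tighter than `||` and the expression parses as `("path=" . $self->path) || '/'`. The left side always contains "path=" and is therefore always true, so an unset path now emits a bare "path=" (with an uninitialized-value warning when warnings are enabled), and by the RFC text quoted in this thread an empty attribute value sends the browser back to the default-path, which is the behaviour this change is meant to avoid. Parenthesize the fallback: `push @headers, "path=" . ( $self->path || '/' );`. Separately, the domain line is removed and re-added with no visible difference; if that is a whitespace-only change, consider dropping it from the commit so the diff only touches the path handling.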