1

This is my first time posting to this site, but I come to it often. I am stuck on a project I am coding for fun. I am total newbie to Perl so go easy on me. I've successfully written a web server in Perl, it parses PHP and handles multiple connections.

So far, so good, but I am stuck at sending cookies to the browser.

I suppose I don't understand how my server is supposed to parse the document-output (from reading the file to send via HTTP) before sending for cookies. I've searched for days and have come up empty. Likely I am over-complicating this, but how am I supposed to know what key value the document is requesting to send?

Searching only lands pages parsing documents from the web using HTTP::Cookies which isn't what I'm looking for. What happens on the server side to parse a local document for "Set-Cookie:" before it sends the headers?

I've tried HTTP::Cookies->extract_cookies($my_local_file), but it responds back with

"Can't locate object method "_header" via package..."

which makes sense because the header files were never sent since it happened on the server side.

Borodin
  • 126,100
  • 9
  • 70
  • 144
Keith Kirkland
  • 13
  • 4
  • Re "*What happens on the server side to parse a local document for "Set-Cookie:" before it sends the headers?*" What does that mean? `Set-Cookie` is header an HTTP server includes in responses, not something found in documents. – ikegami May 18 '16 at 02:42
  • 1
    The relevant spec is [RFC 6265](https://tools.ietf.org/html/rfc6265). [Cookie::Baker](http://search.cpan.org/perldoc?Cookie::Baker) appears to generate (the value for) Set-Cookie headers. – ikegami May 18 '16 at 03:27
  • If you use Apache mod_perl2, I recommend you check [Net::API::REST::Cookies](https://metacpan.org/pod/Net::API::REST::Cookies) which handles cookies received from the web browser and sent by the server to the web browser. – Jacques May 02 '21 at 23:09

2 Answers2

2

You're misunderstanding how cookies work. They are specified by the server and stored on the client, so this question doesn't make sense

I suppose I don't understand how my server is supposed to parse the document-output (from reading the file to send via HTTP) before sending for cookies.

Likely I am over-complicating this, but how am I supposed to know what key value the document is requesting to send?

What happens on the server side to parse a local document for "Set-Cookie:" before it sends the headers?

The server doesn't "send for cookies". When a server receives an HTTP request from the client, it builds and sends a response that contains the information that the client has requested. That response may include Set-Cookie headers to instruct the client to save some information

A document cannot "request to send" key values—it is just a document!—and there is no "parsing of a local document". The server simply adds headers that define the data that it wants to be returned if the client sends another request to the same host

If the requirements are simple then each data item can appear in the headers. For instance

Set-Cookie: localtime=2016-05-18T09:01:16
Set-Cookie: username=Keith

But if the server wants to store a lot of information relating to the session (the contents of a shopping basket, perhaps) then this may simply be a session ID that corresponds to the ID of a MySQL database record held on the server that contains all the relevant data

Set-Cookie: session_id=76151387

This method also improves security, as only the session ID appear in the HTTP messages, and all the real data is held out of site on the server

Once the client receives the response, it will save the cookies in any way it likes so that they can be retrieved and returned if the next request is to the same host address. It will simply include a copy of the data from the preceding response, like this

Cookie: localtime=2016-05-18T09:01:16; username=Keith

or

Cookie: session_id=76151387

There are variations on this basic idea; for instance, the server may specify an Expires or a Max-Age field which specifies when the cookie is to be deleted by the client. Suppose the server sends

Set-Cookie: session_id=76151387; Max-Age=86400

then the cookie will be saved to disk so that it is persistent across restarts of the browser, and deleted after one day (the age is specified in seconds). Without either of these attributes the cookie is a session cookie that is typically held in memory and will be deleted when the browser is closed

There are other, more esoteric attributes that the server may specify. RFC 6265 is the definitive specification of the HTTP cookie system which describes every aspect in detail

Community
  • 1
  • 1
Borodin
  • 126,100
  • 9
  • 70
  • 144
  • Thank you... That really helped. I learned from you I don't have to parse for cookies prior to sending the document. I needed to set my Content Type header for the type of script that was called. Once I did that it worked. – Keith Kirkland May 19 '16 at 00:52
  • @KeithKirkland: I don't know where you got the idea that you have to *parse* something to obtain the `Set-Cookie` values. Their contents depend on what you want to use the cookie for, but it probably shouldn't be anything to do with the contents of the document you're sending. And The `Content-Type` header should reflect the type of data that you're *sending*, which may be *"the type of script that was called"*, although I'm not certain what you mean by that, but won't necessarily be. – Borodin May 19 '16 at 09:30
0

When the browser sends a request to the web server, the header may contain a cookie line. This is the web browser presenting it's cookies to the web server, along with the web request. The request may look like this:

GET /index.html HTTP/1.1
Host: YourURL.com
Cookie: key=value; key=value; key=value

If you're parsing the raw request to the server, parse the values from the cookie line.

HTTP::Server::Simple is a drop-in CPAN library that provides a fully-functioning web server, if you don't want to reinvent the wheel.

mjac
  • 264
  • 2
  • 9