michael at snoyman.com
Thu Jun 30 15:58:39 CEST 2011
Here's one of those times I'd like to get some cross-framework
discussion going. In Yesod, we use a combination of the cookie
package and clientsession for storing user sessions. A few
* I recently heard that Snap also uses client-side sessions. If this
is true, what packages does it use?
* Can anyone think of a downside to setting HttpOnly on session cookies?
* Now that I realize the option for HttpOnly is missing from the
cookie package, can anyone see anything else missing from its API?
In general, given that cookies are one of those ill-specified, very
finicky parts of the web, I'd like it if we could try to converge on a
single package for cookie parsing/rendering (both server and client
side). Currently, Yesod and wai-test both use it. Assuming we ever
get a "Browser"-style module for http-enumerator, I would assume we'd
use it there too.
More information about the web-devel