#2683 Wisp Session Cookie

SlimerDude Mon 5 Feb 2018

As we're on the topic of Wisp Sessions...


1). Could Wisp be updated to make the name of the session cookie (namely fanws) be configurable? It would really help out a side project of mine if it could be picked up from a config file. (sessionCookieName in /etc/web/config.props maybe?)

It's only used in one (or two) places so it should be a minor change.


2). Plus, the server HTTP response header that's always added, could that be moved out to extraResHeaders in /etc/web/config.props? I can manually remove the header myself, but it'd be easier to just modify the config.


3). Also, I noted a very minor case of session ID fixation. Should an invalid or expired session cookie be sent to Wisp, Wisp creates a new session with the same ID. Whereas ideally, a new ID would be created for the new session.

SlimerDude Mon 5 Feb 2018

And while I'm on a web roll, here's a patch to add 308 - Permanent Redirect to the list of status codes in WebRes:

diff -r 2f1a8fdb0f40 src/web/fan/WebRes.fan
--- a/src/web/fan/WebRes.fan	Tue Jan 30 13:14:10 2018 -0500
+++ b/src/web/fan/WebRes.fan	Mon Feb 05 19:22:44 2018 +0000
@@ -111,7 +111,7 @@
     200: "OK",
     201: "Created",
     202: "Accepted",
-    203: "203 Non-Authoritative Information",
+    203: "Non-Authoritative Information",
     204: "No Content",
     205: "Reset Content",
     206: "Partial Content",
@@ -123,6 +123,7 @@
     304: "Not Modified",
     305: "Use Proxy",
     307: "Temporary Redirect",
+    308: "Permanent Redirect",
     // 400
     400: "Bad Request",
     401: "Unauthorized",
@@ -142,6 +143,7 @@
     415: "Unsupported Media Type",
     416: "Requested Range Not Satisfiable",
     417: "Expectation Failed",
+    418: "I'm a teapot",
     // 500
     500: "Internal Server Error",
     501: "Not Implemented",

Jeremy Criquet Tue 27 Feb 2018

I think adding in support for res code 418 is of utter-most importance.

Login or Signup to reply.