1). Could Wisp be updated to make the name of the session cookie (namely fanws) be configurable? It would really help out a side project of mine if it could be picked up from a config file. (sessionCookieName in /etc/web/config.props maybe?)
It's only used in one (or two) places so it should be a minor change.
2). Plus, the server HTTP response header that's always added, could that be moved out to extraResHeaders in /etc/web/config.props? I can manually remove the header myself, but it'd be easier to just modify the config.
3). Also, I noted a very minor case of session ID fixation. Should an invalid or expired session cookie be sent to Wisp, Wisp creates a new session with the same ID. Whereas ideally, a new ID would be created for the new session.
SlimerDudeMon 5 Feb 2018
And while I'm on a web roll, here's a patch to add 308 - Permanent Redirect to the list of status codes in WebRes:
SlimerDude Mon 5 Feb 2018
As we're on the topic of Wisp Sessions...
1). Could Wisp be updated to make the name of the session cookie (namely
fanws) be configurable? It would really help out a side project of mine if it could be picked up from a config file. (sessionCookieNamein/etc/web/config.propsmaybe?)It's only used in one (or two) places so it should be a minor change.
2). Plus, the
serverHTTP response header that's always added, could that be moved out toextraResHeadersin/etc/web/config.props? I can manually remove the header myself, but it'd be easier to just modify the config.3). Also, I noted a very minor case of session ID fixation. Should an invalid or expired session cookie be sent to Wisp, Wisp creates a new session with the same ID. Whereas ideally, a new ID would be created for the new session.
SlimerDude Mon 5 Feb 2018
And while I'm on a web roll, here's a patch to add 308 - Permanent Redirect to the list of status codes in
WebRes:diff -r 2f1a8fdb0f40 src/web/fan/WebRes.fan --- a/src/web/fan/WebRes.fan Tue Jan 30 13:14:10 2018 -0500 +++ b/src/web/fan/WebRes.fan Mon Feb 05 19:22:44 2018 +0000 @@ -111,7 +111,7 @@ 200: "OK", 201: "Created", 202: "Accepted", - 203: "203 Non-Authoritative Information", + 203: "Non-Authoritative Information", 204: "No Content", 205: "Reset Content", 206: "Partial Content", @@ -123,6 +123,7 @@ 304: "Not Modified", 305: "Use Proxy", 307: "Temporary Redirect", + 308: "Permanent Redirect", // 400 400: "Bad Request", 401: "Unauthorized", @@ -142,6 +143,7 @@ 415: "Unsupported Media Type", 416: "Requested Range Not Satisfiable", 417: "Expectation Failed", + 418: "I'm a teapot", // 500 500: "Internal Server Error", 501: "Not Implemented",Jeremy Criquet Tue 27 Feb 2018
I think adding in support for res code 418 is of utter-most importance.