Skip to content

Add support for partitioned cookies #2196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add support for partitioned cookies #2196

wants to merge 1 commit into from

Conversation

rawleyfowler
Copy link
Contributor

@rawleyfowler rawleyfowler commented Aug 28, 2024
edited
Loading

Summary

Firefox is soon going to ignore third-party aka "foreign" aka SameSite: None

Motivation

These changes allow Mojolicious to handle the new "Partitioned" attribute, as well as adding the ability to set Partitioned on Mojolicious::Sessions cookies.

References

https://www.ietf.org/archive/id/draft-cutler-httpbis-partitioned-cookies-00.html

https://github.com/privacycg/CHIPS

fixes #2179

@rawleyfowler rawleyfowler changed the title Add partitioned cookies Add handling of partitioned cookies Aug 28, 2024
@kraih kraih requested review from a team, Grinnz, christopherraa, kraih and marcusramberg August 28, 2024 16:54
kraih
kraih previously requested changes Aug 28, 2024
View reviewed changes
Copy link
Member

@kraih kraih left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like some values are not ordered alphabetically and documentation is missing.

@rawleyfowler rawleyfowler requested a review from kraih August 28, 2024 17:13
@mergify mergify bot dismissed kraih’s stale review August 28, 2024 17:13

Pull request has been modified.

kraih
kraih reviewed Aug 28, 2024
View reviewed changes
kraih
kraih reviewed Aug 28, 2024
View reviewed changes
@rawleyfowler
Copy link
Contributor Author

We could also mark this as experimental, though it is implemented in most browsers.

@rawleyfowler rawleyfowler requested a review from kraih August 29, 2024 04:18
@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 22, 2024

This pull request is now in conflicts. Could you fix it @rawleyfowler? 🙏

@mergify Mergify
Copy link
Contributor

mergify bot commented Nov 25, 2024

This pull request is now in conflicts. Could you fix it @rawleyfowler? 🙏

@rawleyfowler rawleyfowler changed the title Add handling of partitioned cookies Add support for partitioned cookies Nov 29, 2024
@rawleyfowler
Copy link
Contributor Author

rawleyfowler commented Apr 12, 2025
edited
Loading

Plack recently merged this into Plack::Middleware::Session: plack/Plack-Middleware-Session#51 , hoping we can get this in soonish as I need it for work at some point...

kraih
kraih reviewed Apr 13, 2025
View reviewed changes
@kraih kraih requested review from a team, jberger, jhthorsen and kraih April 13, 2025 00:02
@kraih
Copy link
Member

kraih commented Apr 13, 2025

Yes, since this is only a draft spec we have to mark it experimental.

kraih
kraih reviewed Apr 20, 2025
View reviewed changes
@kraih kraih requested a review from Copilot June 16, 2025 13:28
Copilot

This comment was marked as outdated.

Sign in to view

kraih
kraih previously approved these changes Jun 16, 2025
View reviewed changes
@kraih kraih dismissed their stale review June 16, 2025 16:10

Typos missed

@rawleyfowler
Copy link
Contributor Author

@kraih Thanks for the review, they've been fixed.

@kraih kraih requested a review from Copilot June 24, 2025 00:00
Copilot
Copilot AI reviewed Jun 24, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds support for the new Partitioned cookie attribute to both core cookie handling and session cookies, and updates tests to cover the new behavior.

  • Extend Mojo::Cookie::Response parsing, serialization, and docs with partitioned
  • Add partitioned flag to Mojolicious::Sessions and include it in Set-Cookie options
  • Update tests in t/mojo/cookie.t to cover Partitioned output and parsing

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
t/mojo/cookie.t Added calls to partitioned(1) and new subtest for parsing
lib/Mojolicious/Sessions.pm Introduced partitioned attribute in constructor, store logic, and docs
lib/Mojo/Cookie/Response.pm Added partitioned to has, parsing map, to_string, and docs
Comments suppressed due to low confidence (1)

lib/Mojolicious/Sessions.pm:58

  • Consider adding tests to verify that the partitioned flag on session cookies results in the Partitioned attribute being set in the Set-Cookie header.
    partitioned => $self->partitioned,

@kraih kraih requested review from a team and kraih August 27, 2025 15:30
kraih
kraih previously approved these changes Aug 27, 2025
View reviewed changes
@kraih
Copy link
Member

kraih commented Aug 27, 2025

Please fix the typos before merge.

@rawleyfowler
Copy link
Contributor Author

@kraih Should be good to go, thanks :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kraih kraih kraih left review comments

@marcusramberg marcusramberg Awaiting requested review from marcusramberg marcusramberg was automatically assigned from mojolicious/maintainers

@christopherraa christopherraa Awaiting requested review from christopherraa christopherraa was automatically assigned from mojolicious/maintainers

@Grinnz Grinnz Awaiting requested review from Grinnz Grinnz was automatically assigned from mojolicious/maintainers

@jhthorsen jhthorsen Awaiting requested review from jhthorsen jhthorsen was automatically assigned from mojolicious/maintainers

@jberger jberger Awaiting requested review from jberger jberger was automatically assigned from mojolicious/maintainers

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature request: Support session cookies with "Partitioned"

2 participants

@rawleyfowler @kraih