reisub

reisub

HttpCookie - standards-compliant HTTP Cookie implementation for Elixir

I just released version 0.8.0 of HttpCookie, a standards-compliant (client-side) HTTP Cookie implementation.

It’s not a new library, but this release resolves the public suffix dependency mess so I thought it’s a good time to spread the word.

The code is tested against implementation-agnostic IETF test cases so I’m reasonably sure the code is correct and I’ve been using it in prod for about a year without issue.

I tried to make it safe by default:

  • there’s default limits for the cookie size and number of cookies per domain and in total
  • there’s a check to reject ‘supercookies’

It also ships with a Req plugin which makes it easy to use if you already use Req.

So you can really use it at 3 different abstraction levels:

  • as a Req plugin
  • as a cookie jar with any other HTTP client
  • as a cookie string parser (if you have niche needs and/or you want to build you own cookie jar)

Contributions in any form or shape are welcome, and I’d be happy to receive bug reports, feature suggestions and PRs. The standard disclaimers apply - this is a free time project and your contributions might not get noticed/reacted to very quickly.

Backstory

Back in late 2023 I needed to access an API that uses cookies for authentication, so I needed a cookie jar to use with Req.
I found two potential libraries to use: cookie_monster and cookie_jar.

I first tried cookie_jar because it was closer to what I needed, but it failed to parse some cookies I had to deal with and upon further inspection I saw that the cookies were probably following the spec (I didn’t know the spec that well yet at that point).

So then I tried to parse the cookies with cookie_monster and that worked for the most part, except I also found it diverged from the spec when handling unsupported attributes which broke parsing one of the cookies I had to deal with.

I was in time crunch with the functionality that used this so for the time being I ended up with a frankenstein solution of:

  1. preprocessing the cookie string to remove the ‘Version’ attribute that one of the servers was sending
  2. parsing the cookie with cookie_monster
  3. storing/using it with cookie_jar

Though the issue with the unrecognized attribute parsing was later resolved in cookie_monster I still thought the Elixir ecosystem could use a client-side cookie implementation that more closely followed the spec.

This is not a complaint about the existing libraries and I’m grateful they exist, but I chose to start over and treat this as a learning opportunity. I definitely learned a lot reading the 3 existing RFCs that cover this functionality and being able to experiment freely helped me get to something I feel works well.

Future work

A new cookie RFC that will obsolete RFC6265 is in the works.

It standardizes SameSite which is already implemented by browsers and removes the deprecated Cookie2/Set-Cookie2 headers, so apart from any bugfixes that’s what you can expect implemented in the future - though I might wait for the standard to be finalized to start.

https://github.com/reisub/http_cookie

Most Liked

reisub

reisub

I’ve released v0.8.1 recently, as someone needed Elixir 1.14 support - now the lib works for Elixir 1.14+ (previously it was 1.15+).

See full changelog.

Please keep the feedback coming - I want to make HttpCookie all you need for cookie handling on the client side in Elixir. I think it’s already feature complete, but I’d like to get more people using it to find any edge cases or missing functionality.

Where Next?

Popular in Announcing Top

KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36128 110
New
handnot2
Samly can be used to enable SAML 2.0 Single Sign On in a Plug/Phoenix application. This library uses Erlang esaml to provide plug enabl...
New
danschultzer
In short Plug n’ play OAuth 2.0 provider library. Just set up a resource owner schema with Ecto (your user schema), install the dependen...
New
tmbb
I’ve been working on two packages (not on hex.pm yet) to build admin interfaces for phoenix apps: bureaucrat - which contains a bunch ...
New
oltarasenko
Dear Elixir community, After a year of development, bug fixes, and improvements, we are proudly ready to share the release of Crawly 0.1...
New
ahamez
Hi everyone, I’ve been working on this protobuf library for 3 years. We use it in the company I work for, EasyMile, to communicate with ...
New
New
brainlid
LangChain is short for Language Chain. An LLM, or Large Language Model, is the “Language” part. This library makes it easier for Elixir a...
New
bluzky
You may know https://ui.shadcn.com/, a UI component library for React. I really love it’s design style and components. I’ve built some co...
384 13736 119
New
MRdotB
I needed to reuse React components from my Chrome extension in my Phoenix/LiveView backend. I noticed that for Svelte/Vue, there are live...
New

Other popular topics Top

ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
dogweather
I wrote this comment on r/haskell, and it’s not popular there. :wink: But I think I’m on to something… Haskell reminds me of Java, and e...
New
chrismccord
Phoenix 1.4.0 released Phoenix 1.4 is out! This release ships with exciting new features, most notably with HTTP2 support, improved deve...
688 30877 112
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
aalberti333
As the title describes, I’m trying to run Enum.map() over a list of key/value pairs, where the value is a map. My data looks like this: ...
New

We're in Beta

About us Mission Statement