Update last-access-time per RFC

Also clarifies that times are absolute epoch seconds.

Fixes #12.

3 files changed, 61 insertions, 6 deletions

diff --git a/Changes b/Changes
index 42c68f8..3457688 100644
--- a/Changes
+++ b/Changes
@@ -2,6 +2,11 @@ Revision history for HTTP-CookieJar
 
 {{$NEXT}}
 
+    [FIXED]
+
+    - Cookie last access time is updated when a cookie is retrieved; this has
+      no functional effect but is consistent with RFC 6265.
+
 0.012     2021-06-16 05:34:31-04:00 America/New_York
 
     - No changes from 0.011
diff --git a/lib/HTTP/CookieJar.pm b/lib/HTTP/CookieJar.pm
index 5656caa..8368372 100644
--- a/lib/HTTP/CookieJar.pm
+++ b/lib/HTTP/CookieJar.pm
@@ -124,8 +124,8 @@ Keys of a cookie hash reference might include:
 * secure -- if present, the cookie was set C<Secure>
 * httponly -- if present, the cookie was set C<HttpOnly>
 * hostonly -- if present, the cookie may only be used with the domain as a host
-* creation_time -- epoch seconds since the cookie was first stored
-* last_access_time -- epoch seconds since the cookie was last stored
+* creation_time -- epoch time when the cookie was first stored
+* last_access_time -- epoch time when the cookie was last accessed (i.e. "now")
 
 Keep in mind that C<httponly> means it should only be used in requests and not
 made available via Javascript, etc.  This is pretty meaningless for Perl user
@@ -139,6 +139,13 @@ It will throw an exception if the request URL is missing or invalid.
 
 sub cookies_for {
     my ( $self, $request ) = @_;
+    my @found = $self->_cookies_for($request);
+    return map { {%$_} } @found;
+}
+
+# _cookies_for returns originals, not copies, which helps in testing
+sub _cookies_for {
+    my ( $self, $request ) = @_;
     my ( $scheme, $host, $port, $request_path ) = eval { _split_url($request) };
     Carp::croak($@) if $@;
 
@@ -150,6 +157,7 @@ sub cookies_for {
         next if defined( $cookie->{expires} ) && $cookie->{expires} < $now;
         next unless _domain_match( $host, $cookie->{domain} );
         next unless _path_match( $request_path, $cookie->{path} );
+        $cookie->{last_access_time} = time;
         push @found, $cookie;
     }
     @found = sort {
@@ -256,11 +264,9 @@ sub load_cookies {
 # private methods
 #--------------------------------------------------------------------------#
 
-# return a copy of all cookies
+# return flattened list of all cookies
 sub _all_cookies {
-    return map {
-        { %$_ }
-    } map { values %$_ } map { values %$_ } values %{ $_[0]->{store} };
+    return map { values %$_ } map { values %$_ } values %{ $_[0]->{store} };
 }
 
 #--------------------------------------------------------------------------#
diff --git a/t/cookies_for.t b/t/cookies_for.t
new file mode 100644
index 0000000..a2db538
--- /dev/null
+++ b/t/cookies_for.t
@@ -0,0 +1,44 @@
+use 5.008001;
+use strict;
+use warnings;
+use Test::More 0.96;
+use Test::Deep '!blessed';
+use lib 't/lib';
+use MockTime;
+
+use HTTP::CookieJar;
+
+my $url   = "http://example.com/foo/bar/";
+my @input = (
+    [ $url, "SID=2; Path=/" ],
+    [ $url, "SID=1; Path=/foo" ],
+    [ $url, "SID=0; Path=/foo/bar" ],
+);
+
+# MockTime keeps this constant
+my $creation_time = time;
+
+my $jar = HTTP::CookieJar->new;
+$jar->add(@$_) for @input;
+
+# Move up the clock for access time
+MockTime->offset(10);
+my $last_access_time = time;
+
+# Check that cookies_for has expected times
+for my $c ( $jar->cookies_for($url) ) {
+    is( $c->{creation_time},    $creation_time,    "$c->{name}=$c->{value} creation_time" );
+    is( $c->{last_access_time}, $last_access_time, "$c->{name}=$c->{value} last_access_time" );
+}
+
+# Modify cookies from cookies_for and verify they aren't changed
+# from private originals.
+for my $c ( $jar->cookies_for($url) ) {
+    $c->{creation_time} = 0;
+}
+for my $c ( $jar->_cookies_for($url) ) {
+    is( $c->{creation_time},    $creation_time,    "$c->{name}=$c->{value} creation_time" );
+}
+
+done_testing;
+# COPYRIGHT