Hi all, Here's one of those times I'd like to get some cross-framework discussion going. In Yesod, we use a combination of the cookie package[1] and clientsession[2] for storing user sessions. A few questions: * I recently heard that Snap also uses client-side sessions. If this is true, what packages does it use? * Can anyone think of a downside to setting HttpOnly on session cookies? * Now that I realize the option for HttpOnly is missing from the cookie package, can anyone see anything else missing from its API? In general, given that cookies are one of those ill-specified, very finicky parts of the web, I'd like it if we could try to converge on a single package for cookie parsing/rendering (both server and client side). Currently, Yesod and wai-test[3] both use it. Assuming we ever get a "Browser"-style module for http-enumerator, I would assume we'd use it there too. Michael [1] http://hackage.haskell.org/package/cookie [2] http://hackage.haskell.org/package/clientsession [3] http://hackage.haskell.org/package/wai-test