Handling of 'Secure' prefixes - __Secure- and __Host- #36

Open
siktec-lab opened this issue Jul 8, 2024 · 0 comments
I might be buggin, but I can't see the use of the PREFIX_SECURE and PREFIX_HOST constants in the Cookie class.
As I understand it, Set-Cookie that are prefixed with __Secure- and __Host- have special meanings and should be processed differently.
I would expect to see these prefixes appended to the cookie name when the cookie is being set in buildCookieHeader,
or removed when the cookie is being parsed in parse (while setting a special flag or something to indicate that the cookie is prefixed and with what).

I know that some of the implementations out there don't handle these prefixes correctly, but they should be implemented as they are part of the standard, and the only way to distinguish between a Secure only (HTTPS) cookie and a Secure only + host (HTTPS + Path).

Maybe I'm missing something, I would appreciate it if you could clarify this for me.

I used your code as a reference for a cookie class in my own project - I noticed that I didn't handle these prefixes either, so I implemented them and I thought I'd ask you about it.

Thanks for your time.

@siktec-lab siktec-lab changed the title Handling of 'Secure' prefixes - __Secure- and __Host Handling of 'Secure' prefixes - __Secure- and __Host- Jul 8, 2024
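For reference, an added example (not code from this project or from the issue author) that checks a `Set-Cookie` value against the cookie-prefix rules in the RFC 6265bis draft: `__Secure-` requires the `Secure` attribute, and `__Host-` additionally requires no `Domain` attribute and `Path=/`. The function names and sample headers are hypothetical, and the prefix is matched case-insensitively as a conservative choice.

```python
# Added example: validate a Set-Cookie value against the cookie-prefix rules.
# Names below are hypothetical and are not this project's API.
PREFIX_SECURE = "__secure-"
PREFIX_HOST = "__host-"


def parse_set_cookie(value):
    """Split a Set-Cookie header value into (name, cookie_value, attrs)."""
    first, *rest = value.split(";")
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def prefix_violations(value):
    """Return the prefix requirements this Set-Cookie value fails to meet."""
    name, _, attrs = parse_set_cookie(value)
    lowered = name.lower()  # conservative: treat prefix match as case-insensitive
    is_host = lowered.startswith(PREFIX_HOST)
    is_secure = lowered.startswith(PREFIX_SECURE)
    problems = []
    # Both prefixes require the Secure attribute.
    if (is_host or is_secure) and "secure" not in attrs:
        problems.append("missing Secure attribute")
    # __Host- also pins the cookie to the setting host and the root path.
    if is_host:
        if "domain" in attrs:
            problems.append("Domain attribute not allowed")
        if attrs.get("path") != "/":
            problems.append("Path must be /")
    return problems


# Constructed sample headers (not taken from any real site).
SAMPLES = [
    "__Host-sid=abc; Secure; Path=/; HttpOnly",
    "__Host-sid=abc; Secure; Path=/app; Domain=example.test",
    "__Secure-pref=1; Path=/",
    "plain=1",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", prefix_violations(header) or "ok")
```

The prefix stays part of the cookie name on the wire; a browser that supports prefixes rejects the cookie when these attribute requirements are not met, so a server-side check like this catches misconfiguration before the header is sent.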