May be there could be more hints for client/server developers. E.g. where is the best place / how is the best practice to add cookie-handling, Authentication challenges, etc.
Funnily, for someone who actually solved numerous of the issues this question can easily be rephrased as:
Now I finally learned how drive a bicycle, lets ask tips for driving semi-trailer.
And this is **the major** problem of the library. In the CppCMS frameworks the HTTP part is less than 2.5% of the core code. The rest is the "minor" stuff like cookies, session, url parsing and much-much more. And note - I'm talking about server part only Now once you choose to use Beast you'll hit the wall very quickly as you'll have to do all tricks your own and they will consume most of your work for example URL decoding, parsing query string, parsing or generating trivial forms or handling trivial cookies. So instead of concentrating on your application issues you are going to deal with 1001 small issues that require both experience and knowledge to do them right. The biggest problem is actually that vast majority security issues do not come from HTTP parsing at all, but rather all "minor stuff" [1] that left out of scope of the Beast. This question you had written had popped for me the big red flag - without proper well organized tools that handle the "minor stuff" Beast users are virtually doomed to writing insecure code. Unlike most HTTP servers/clients are build with security by design - do safe stuff by default, Beast lives this ALL to end user. This part **extremely** concerns me - as somebody who actually developed both web services and tools to make them secure and aware of unforgiving nature of WWW. Artyom Beilis [1]: http://cppcms.com/wikipp/en/page/secure_programming