rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
 help / color / mirror / code / Atom feed
* Re: Deleting cookies with the same name from multiple domains
@ 2010-01-15 20:48 Zach Brock
  2010-04-29 22:13 ` Ryan Tomayko
  0 siblings, 1 reply; 2+ messages in thread
From: Zach Brock @ 2010-01-15 20:48 UTC (permalink / raw)
  To: rack-devel


[-- Attachment #1.1: Type: text/plain, Size: 1033 bytes --]

Hmm, I don't think so.  The only change I made was to the filtering logic in
Utils.delete_cookie_header!
I'd imagine that adding same-named cookies with different domains doesn't
work if you're using Rails though.  It puts the cookies in a hash where the
key is the cookie name, so multiple domains can't really be represented.

Attached is a spec to show that it works as is.

-Zach


On Jan 15, 6:52 am, Ryan Tomayko <r...@tomayko.com> wrote:
> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock <zbr...@gmail.com> wrote:
> > This is a fix to an issue I ran into when dealing with a single sign on
> > system. Cookies should be unique per request by name and domain, but
Rack
> > currently only treats them as unique by name. This commit basically
makes it
> > possible to delete cookie "foo" on both www.example.com and .example.com
.
> > -Zach Brock
>
> I've had reports of a bug that disallows same-named cookies to be set
> for different domains. It looks like your patch addresses this as
> well. Can you confirm?
>
> Thanks,
> Ryan

[-- Attachment #1.2: Type: text/html, Size: 1528 bytes --]

[-- Attachment #2: 0001-Adding-a-spec-for-adding-multiple-cookies-with-the-s.patch --]
[-- Type: application/octet-stream, Size: 1160 bytes --]

From 5edf55cc05020c49db74c743f08fbcd37d9606cf Mon Sep 17 00:00:00 2001
From: Zach Brock <zbrock@gmail.com>
Date: Fri, 15 Jan 2010 12:43:34 -0800
Subject: [PATCH] Adding a spec for adding multiple cookies with the same name on different domains

---
 test/spec_rack_response.rb |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/test/spec_rack_response.rb b/test/spec_rack_response.rb
index fb14508..942a564 100644
--- a/test/spec_rack_response.rb
+++ b/test/spec_rack_response.rb
@@ -55,6 +55,13 @@ context "Rack::Response" do
     response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2", "foo3=bar3"]
   end
 
+  specify "can set cookies with the same name for multiple domains" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :domain => "sample.example.com"}
+    response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+    response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"]
+  end
+
   specify "formats the Cookie expiration date accordingly to RFC 2109" do
     response = Rack::Response.new
     
-- 
1.6.0.2


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Deleting cookies with the same name from multiple domains
  2010-01-15 20:48 Deleting cookies with the same name from multiple domains Zach Brock
@ 2010-04-29 22:13 ` Ryan Tomayko
  0 siblings, 0 replies; 2+ messages in thread
From: Ryan Tomayko @ 2010-04-29 22:13 UTC (permalink / raw)
  To: rack-devel; +Cc: zbrock

On Fri, Jan 15, 2010 at 1:48 PM, Zach Brock <zbrock@gmail.com> wrote:
> Hmm, I don't think so.  The only change I made was to the filtering logic in
> Utils.delete_cookie_header!
> I'd imagine that adding same-named cookies with different domains doesn't
> work if you're using Rails though.  It puts the cookies in a hash where the
> key is the cookie name, so multiple domains can't really be represented.
> Attached is a spec to show that it works as is.
> -Zach
>
> On Jan 15, 6:52 am, Ryan Tomayko <r...@tomayko.com> wrote:
>> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock <zbr...@gmail.com> wrote:
>> > This is a fix to an issue I ran into when dealing with a single sign on
>> > system. Cookies should be unique per request by name and domain, but
>> > Rack
>> > currently only treats them as unique by name. This commit basically
>> > makes it
>> > possible to delete cookie "foo" on both www.example.com and
>> > .example.com.
>> > -Zach Brock
>>
>> I've had reports of a bug that disallows same-named cookies to be set
>> for different domains. It looks like your patch addresses this as
>> well. Can you confirm?

Applied the following to allow deleting same-named cookies on different domains.

Thanks,
Ryan

From 55cbbc91ae0a03445dd9e0ba1830f70fbd2f4d52 Mon Sep 17 00:00:00 2001
From: Zach Brock <zbrock@gmail.com>
Date: Thu, 7 Jan 2010 21:43:51 -0800
Subject: [PATCH] allow delete of cookies with same name but different domain

Adding a spec for adding multiple cookies with the same name on
different domains
---
 lib/rack/utils.rb          |    6 +++++-
 test/spec_rack_response.rb |   19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)

diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 50bee6e..f3b1a62 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -216,7 +216,11 @@ module Rack
       end

       cookies.reject! { |cookie|
-        cookie =~ /\A#{escape(key)}=/
+        if value[:domain]
+          cookie =~ /\A#{escape(key)}=.*domain=#{value[:domain]}/
+        else
+          cookie =~ /\A#{escape(key)}=/
+        end
       }

       header["Set-Cookie"] = cookies.join("\n")
diff --git a/test/spec_rack_response.rb b/test/spec_rack_response.rb
index 98f8289..a8d9dfe 100644
--- a/test/spec_rack_response.rb
+++ b/test/spec_rack_response.rb
@@ -55,6 +55,13 @@ context "Rack::Response" do
     response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2",
"foo3=bar3"].join("\n")
   end

+  specify "can set cookies with the same name for multiple domains" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+    response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+  end
+
   specify "formats the Cookie expiration date accordingly to RFC 2109" do
     response = Rack::Response.new

@@ -86,6 +93,18 @@ context "Rack::Response" do
     ].join("\n")
   end

+  specify "can delete cookies with the same name from multiple domains" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+    response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+    response.delete_cookie "foo", :domain => ".example.com"
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=; domain=.example.com; expires=Thu,
01-Jan-1970 00:00:00 GMT"].join("\n")
+    response.delete_cookie "foo", :domain => "sample.example.com"
+    response["Set-Cookie"].should.equal ["foo=; domain=.example.com;
expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                                         "foo=;
domain=sample.example.com; expires=Thu, 01-Jan-1970 00:00:00
GMT"].join("\n")
+  end
+
   specify "can do redirects" do
     response = Rack::Response.new
     response.redirect "/foo"
-- 
1.7.0.5

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-04-29 22:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-01-15 20:48 Deleting cookies with the same name from multiple domains Zach Brock
2010-04-29 22:13 ` Ryan Tomayko

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/rack.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).