From mboxrd@z Thu Jan  1 00:00:00 1970
Delivered-To: chneukirchen@gmail.com
Received: by 10.140.141.15 with SMTP id o15cs279049rvd; Fri, 15 Jan 2010
 13:03:14 -0800 (PST)
Received: from mr.google.com ([10.150.90.2]) by 10.150.90.2 with SMTP id
 n2mr465878ybb.10.1263589393774 (num_hops = 1); Fri, 15 Jan 2010 13:03:13
 -0800 (PST)
Received: by 10.150.90.2 with SMTP id n2mr27369ybb.10.1263589392095; Fri, 15
 Jan 2010 13:03:12 -0800 (PST)
X-BeenThere: rack-devel@googlegroups.com
Received: by 10.150.39.12 with SMTP id m12ls160067ybm.2.p; Fri, 15 Jan 2010 
 13:03:10 -0800 (PST)
Received: by 10.150.59.8 with SMTP id h8mr629521yba.3.1263589390432; Fri, 15
 Jan 2010 13:03:10 -0800 (PST)
Received: by 10.231.115.104 with SMTP id h40mr180904ibq.18.1263588497205;
 Fri, 15 Jan 2010 12:48:17 -0800 (PST)
Received: by 10.231.115.104 with SMTP id h40mr180903ibq.18.1263588497161;
 Fri, 15 Jan 2010 12:48:17 -0800 (PST)
Return-Path: <zbrock@gmail.com>
Received: from mail-iw0-f190.google.com (mail-iw0-f190.google.com
 [209.85.223.190]) by gmr-mx.google.com with ESMTP id
 19si225487iwn.12.2010.01.15.12.48.16; Fri, 15 Jan 2010 12:48:16 -0800 (PST)
Received-SPF: pass (google.com: domain of zbrock@gmail.com designates
 209.85.223.190 as permitted sender) client-ip=209.85.223.190;
Received: by mail-iw0-f190.google.com with SMTP id 28so504540iwn.13 for
 <rack-devel@googlegroups.com>; Fri, 15 Jan 2010 12:48:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.231.147.149 with SMTP id l21mr103758ibv.0.1263588496031; Fri,
  15 Jan 2010 12:48:16 -0800 (PST)
Date: Fri, 15 Jan 2010 12:48:15 -0800
Message-ID: <d3965c3e1001151248r2027b2c4m7f4751e901e8ccb8@mail.gmail.com>
Subject: Re: Deleting cookies with the same name from multiple domains
From: Zach Brock <zbrock@gmail.com>
To: rack-devel@googlegroups.com
Reply-To: rack-devel@googlegroups.com
Precedence: list
Mailing-list: list rack-devel@googlegroups.com; contact
 rack-devel+owners@googlegroups.com
List-ID: <rack-devel.googlegroups.com>
List-Post: <http://groups.google.com/group/rack-devel/post?hl=>, 
 <mailto:rack-devel@googlegroups.com>
List-Help: <http://groups.google.com/support/?hl=>,
 <mailto:rack-devel+help@googlegroups.com>
List-Archive: <http://groups.google.com/group/rack-devel?hl=>
X-Thread-Url: http://groups.google.com/group/rack-devel/t/eaf3e5ccebf0caaf
X-Message-Url: http://groups.google.com/group/rack-devel/msg/a07cca1f71a6b550
Sender: rack-devel@googlegroups.com
List-Unsubscribe: <http://groups.google.com/group/rack-devel/subscribe?hl=>, 
 <mailto:rack-devel+unsubscribe@googlegroups.com>
List-Subscribe: <http://groups.google.com/group/rack-devel/subscribe?hl=>, 
 <mailto:rack-devel+subscribe@googlegroups.com>
Content-Type: multipart/mixed; boundary=0016e64eeb5872be87047d3a1f58

--0016e64eeb5872be87047d3a1f58
Content-Type: multipart/alternative; boundary=0016e64eeb5872be81047d3a1f56

--0016e64eeb5872be81047d3a1f56
Content-Type: text/plain; charset=ISO-8859-1

Hmm, I don't think so.  The only change I made was to the filtering logic in
Utils.delete_cookie_header!
I'd imagine that adding same-named cookies with different domains doesn't
work if you're using Rails though.  It puts the cookies in a hash where the
key is the cookie name, so multiple domains can't really be represented.

Attached is a spec to show that it works as is.

-Zach


On Jan 15, 6:52 am, Ryan Tomayko <r...@tomayko.com> wrote:
> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock <zbr...@gmail.com> wrote:
> > This is a fix to an issue I ran into when dealing with a single sign on
> > system. Cookies should be unique per request by name and domain, but
Rack
> > currently only treats them as unique by name. This commit basically
makes it
> > possible to delete cookie "foo" on both www.example.com and .example.com
.
> > -Zach Brock
>
> I've had reports of a bug that disallows same-named cookies to be set
> for different domains. It looks like your patch addresses this as
> well. Can you confirm?
>
> Thanks,
> Ryan

--0016e64eeb5872be81047d3a1f56
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div>Hmm, I don&#39;t think so. =A0The only change I made was to the filter=
ing logic in Utils.delete_cookie_header!</div><div>I&#39;d imagine that add=
ing same-named cookies with different domains doesn&#39;t work if you&#39;r=
e using Rails though. =A0It puts the cookies in a hash where the key is the=
 cookie name, so multiple domains can&#39;t really be represented.</div>
<div><br></div><div>Attached is a spec to show that it works as is.</div><d=
iv><br></div><div>-Zach</div><div><br></div><div><br></div><div>On Jan 15, =
6:52 am, Ryan Tomayko &lt;<a href=3D"mailto:r...@tomayko.com">r...@tomayko.=
com</a>&gt; wrote:</div>
<div>&gt; On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock &lt;<a href=3D"mailto=
:zbr...@gmail.com">zbr...@gmail.com</a>&gt; wrote:</div><div>&gt; &gt; This=
 is a fix to an issue I ran into when dealing with a single sign on</div>
<div>&gt; &gt; system. Cookies should be unique per request by name and dom=
ain, but Rack</div><div>&gt; &gt; currently only treats them as unique by n=
ame. This commit basically makes it</div><div>&gt; &gt; possible to delete =
cookie &quot;foo&quot; on both <a href=3D"http://www.example.com">www.examp=
le.com</a> and .<a href=3D"http://example.com">example.com</a>.</div>
<div>&gt; &gt; -Zach Brock</div><div>&gt;=A0</div><div>&gt; I&#39;ve had re=
ports of a bug that disallows same-named cookies to be set</div><div>&gt; f=
or different domains. It looks like your patch addresses this as</div><div>
&gt; well. Can you confirm?</div><div>&gt;=A0</div><div>&gt; Thanks,</div><=
div>&gt; Ryan</div>

--0016e64eeb5872be81047d3a1f56--
--0016e64eeb5872be87047d3a1f58
Content-Type: application/octet-stream; 
	name="0001-Adding-a-spec-for-adding-multiple-cookies-with-the-s.patch"
Content-Disposition: attachment; 
	filename="0001-Adding-a-spec-for-adding-multiple-cookies-with-the-s.patch"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_g4hfyd5s0

RnJvbSA1ZWRmNTVjYzA1MDIwYzQ5ZGI3NGM3NDNmMDhmYmNkMzdkOTYwNmNmIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiBaYWNoIEJyb2NrIDx6YnJvY2tAZ21haWwuY29tPgpEYXRlOiBG
cmksIDE1IEphbiAyMDEwIDEyOjQzOjM0IC0wODAwClN1YmplY3Q6IFtQQVRDSF0gQWRkaW5nIGEg
c3BlYyBmb3IgYWRkaW5nIG11bHRpcGxlIGNvb2tpZXMgd2l0aCB0aGUgc2FtZSBuYW1lIG9uIGRp
ZmZlcmVudCBkb21haW5zCgotLS0KIHRlc3Qvc3BlY19yYWNrX3Jlc3BvbnNlLnJiIHwgICAgNyAr
KysrKysrCiAxIGZpbGVzIGNoYW5nZWQsIDcgaW5zZXJ0aW9ucygrKSwgMCBkZWxldGlvbnMoLSkK
CmRpZmYgLS1naXQgYS90ZXN0L3NwZWNfcmFja19yZXNwb25zZS5yYiBiL3Rlc3Qvc3BlY19yYWNr
X3Jlc3BvbnNlLnJiCmluZGV4IGZiMTQ1MDguLjk0MmE1NjQgMTAwNjQ0Ci0tLSBhL3Rlc3Qvc3Bl
Y19yYWNrX3Jlc3BvbnNlLnJiCisrKyBiL3Rlc3Qvc3BlY19yYWNrX3Jlc3BvbnNlLnJiCkBAIC01
NSw2ICs1NSwxMyBAQCBjb250ZXh0ICJSYWNrOjpSZXNwb25zZSIgZG8KICAgICByZXNwb25zZVsi
U2V0LUNvb2tpZSJdLnNob3VsZC5lcXVhbCBbImZvbz1iYXIiLCAiZm9vMj1iYXIyIiwgImZvbzM9
YmFyMyJdCiAgIGVuZAogCisgIHNwZWNpZnkgImNhbiBzZXQgY29va2llcyB3aXRoIHRoZSBzYW1l
IG5hbWUgZm9yIG11bHRpcGxlIGRvbWFpbnMiIGRvCisgICAgcmVzcG9uc2UgPSBSYWNrOjpSZXNw
b25zZS5uZXcKKyAgICByZXNwb25zZS5zZXRfY29va2llICJmb28iLCB7OnZhbHVlID0+ICJiYXIi
LCA6ZG9tYWluID0+ICJzYW1wbGUuZXhhbXBsZS5jb20ifQorICAgIHJlc3BvbnNlLnNldF9jb29r
aWUgImZvbyIsIHs6dmFsdWUgPT4gImJhciIsIDpkb21haW4gPT4gIi5leGFtcGxlLmNvbSJ9Cisg
ICAgcmVzcG9uc2VbIlNldC1Db29raWUiXS5zaG91bGQuZXF1YWwgWyJmb289YmFyOyBkb21haW49
c2FtcGxlLmV4YW1wbGUuY29tIiwgImZvbz1iYXI7IGRvbWFpbj0uZXhhbXBsZS5jb20iXQorICBl
bmQKKwogICBzcGVjaWZ5ICJmb3JtYXRzIHRoZSBDb29raWUgZXhwaXJhdGlvbiBkYXRlIGFjY29y
ZGluZ2x5IHRvIFJGQyAyMTA5IiBkbwogICAgIHJlc3BvbnNlID0gUmFjazo6UmVzcG9uc2UubmV3
CiAgICAgCi0tIAoxLjYuMC4yCgo=
--0016e64eeb5872be87047d3a1f58--