rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
 help / color / mirror / Atom feed
From: Ryan Tomayko <r@tomayko.com>
To: rack-devel@googlegroups.com
Cc: zbrock@gmail.com
Subject: Re: Deleting cookies with the same name from multiple domains
Date: Thu, 29 Apr 2010 15:13:00 -0700	[thread overview]
Message-ID: <n2wf732822d1004291513ka1c4c24aoda8e354d37fd8e51@mail.gmail.com> (raw)
In-Reply-To: <d3965c3e1001151248r2027b2c4m7f4751e901e8ccb8@mail.gmail.com>

On Fri, Jan 15, 2010 at 1:48 PM, Zach Brock <zbrock@gmail.com> wrote:
> Hmm, I don't think so.  The only change I made was to the filtering logic in
> Utils.delete_cookie_header!
> I'd imagine that adding same-named cookies with different domains doesn't
> work if you're using Rails though.  It puts the cookies in a hash where the
> key is the cookie name, so multiple domains can't really be represented.
> Attached is a spec to show that it works as is.
> -Zach
>
> On Jan 15, 6:52 am, Ryan Tomayko <r...@tomayko.com> wrote:
>> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock <zbr...@gmail.com> wrote:
>> > This is a fix to an issue I ran into when dealing with a single sign on
>> > system. Cookies should be unique per request by name and domain, but
>> > Rack
>> > currently only treats them as unique by name. This commit basically
>> > makes it
>> > possible to delete cookie "foo" on both www.example.com and
>> > .example.com.
>> > -Zach Brock
>>
>> I've had reports of a bug that disallows same-named cookies to be set
>> for different domains. It looks like your patch addresses this as
>> well. Can you confirm?

Applied the following to allow deleting same-named cookies on different domains.

Thanks,
Ryan

From 55cbbc91ae0a03445dd9e0ba1830f70fbd2f4d52 Mon Sep 17 00:00:00 2001
From: Zach Brock <zbrock@gmail.com>
Date: Thu, 7 Jan 2010 21:43:51 -0800
Subject: [PATCH] allow delete of cookies with same name but different domain

Adding a spec for adding multiple cookies with the same name on
different domains
---
 lib/rack/utils.rb          |    6 +++++-
 test/spec_rack_response.rb |   19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletions(-)

diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 50bee6e..f3b1a62 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -216,7 +216,11 @@ module Rack
       end

       cookies.reject! { |cookie|
-        cookie =~ /\A#{escape(key)}=/
+        if value[:domain]
+          cookie =~ /\A#{escape(key)}=.*domain=#{value[:domain]}/
+        else
+          cookie =~ /\A#{escape(key)}=/
+        end
       }

       header["Set-Cookie"] = cookies.join("\n")
diff --git a/test/spec_rack_response.rb b/test/spec_rack_response.rb
index 98f8289..a8d9dfe 100644
--- a/test/spec_rack_response.rb
+++ b/test/spec_rack_response.rb
@@ -55,6 +55,13 @@ context "Rack::Response" do
     response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2",
"foo3=bar3"].join("\n")
   end

+  specify "can set cookies with the same name for multiple domains" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+    response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+  end
+
   specify "formats the Cookie expiration date accordingly to RFC 2109" do
     response = Rack::Response.new

@@ -86,6 +93,18 @@ context "Rack::Response" do
     ].join("\n")
   end

+  specify "can delete cookies with the same name from multiple domains" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+    response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+    response.delete_cookie "foo", :domain => ".example.com"
+    response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=; domain=.example.com; expires=Thu,
01-Jan-1970 00:00:00 GMT"].join("\n")
+    response.delete_cookie "foo", :domain => "sample.example.com"
+    response["Set-Cookie"].should.equal ["foo=; domain=.example.com;
expires=Thu, 01-Jan-1970 00:00:00 GMT",
+                                         "foo=;
domain=sample.example.com; expires=Thu, 01-Jan-1970 00:00:00
GMT"].join("\n")
+  end
+
   specify "can do redirects" do
     response = Rack::Response.new
     response.redirect "/foo"
-- 
1.7.0.5

      reply	other threads:[~2010-04-29 22:13 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-15 20:48 Deleting cookies with the same name from multiple domains Zach Brock
2010-04-29 22:13 ` Ryan Tomayko [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://groups.google.com/group/rack-devel

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=n2wf732822d1004291513ka1c4c24aoda8e354d37fd8e51@mail.gmail.com \
    --to=rack-devel@googlegroups.com \
    --cc=zbrock@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).