From: Ryan Tomayko <r@tomayko.com>
To: rack-devel@googlegroups.com
Cc: zbrock@gmail.com
Subject: Re: Deleting cookies with the same name from multiple domains
Date: Thu, 29 Apr 2010 15:13:00 -0700 [thread overview]
Message-ID: <n2wf732822d1004291513ka1c4c24aoda8e354d37fd8e51@mail.gmail.com> (raw)
In-Reply-To: <d3965c3e1001151248r2027b2c4m7f4751e901e8ccb8@mail.gmail.com>
On Fri, Jan 15, 2010 at 1:48 PM, Zach Brock <zbrock@gmail.com> wrote:
> Hmm, I don't think so. The only change I made was to the filtering logic in
> Utils.delete_cookie_header!
> I'd imagine that adding same-named cookies with different domains doesn't
> work if you're using Rails though. It puts the cookies in a hash where the
> key is the cookie name, so multiple domains can't really be represented.
> Attached is a spec to show that it works as is.
> -Zach
>
> On Jan 15, 6:52 am, Ryan Tomayko <r...@tomayko.com> wrote:
>> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock <zbr...@gmail.com> wrote:
>> > This is a fix to an issue I ran into when dealing with a single sign on
>> > system. Cookies should be unique per request by name and domain, but
>> > Rack
>> > currently only treats them as unique by name. This commit basically
>> > makes it
>> > possible to delete cookie "foo" on both www.example.com and
>> > .example.com.
>> > -Zach Brock
>>
>> I've had reports of a bug that disallows same-named cookies to be set
>> for different domains. It looks like your patch addresses this as
>> well. Can you confirm?
Applied the following to allow deleting same-named cookies on different domains.
Thanks,
Ryan
From 55cbbc91ae0a03445dd9e0ba1830f70fbd2f4d52 Mon Sep 17 00:00:00 2001
From: Zach Brock <zbrock@gmail.com>
Date: Thu, 7 Jan 2010 21:43:51 -0800
Subject: [PATCH] allow delete of cookies with same name but different domain
Adding a spec for adding multiple cookies with the same name on
different domains
---
lib/rack/utils.rb | 6 +++++-
test/spec_rack_response.rb | 19 +++++++++++++++++++
2 files changed, 24 insertions(+), 1 deletions(-)
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 50bee6e..f3b1a62 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -216,7 +216,11 @@ module Rack
end
cookies.reject! { |cookie|
- cookie =~ /\A#{escape(key)}=/
+ if value[:domain]
+ cookie =~ /\A#{escape(key)}=.*domain=#{value[:domain]}/
+ else
+ cookie =~ /\A#{escape(key)}=/
+ end
}
header["Set-Cookie"] = cookies.join("\n")
diff --git a/test/spec_rack_response.rb b/test/spec_rack_response.rb
index 98f8289..a8d9dfe 100644
--- a/test/spec_rack_response.rb
+++ b/test/spec_rack_response.rb
@@ -55,6 +55,13 @@ context "Rack::Response" do
response["Set-Cookie"].should.equal ["foo=bar", "foo2=bar2",
"foo3=bar3"].join("\n")
end
+ specify "can set cookies with the same name for multiple domains" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+ response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+ response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+ end
+
specify "formats the Cookie expiration date accordingly to RFC 2109" do
response = Rack::Response.new
@@ -86,6 +93,18 @@ context "Rack::Response" do
].join("\n")
end
+ specify "can delete cookies with the same name from multiple domains" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :domain =>
"sample.example.com"}
+ response.set_cookie "foo", {:value => "bar", :domain => ".example.com"}
+ response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n")
+ response.delete_cookie "foo", :domain => ".example.com"
+ response["Set-Cookie"].should.equal ["foo=bar;
domain=sample.example.com", "foo=; domain=.example.com; expires=Thu,
01-Jan-1970 00:00:00 GMT"].join("\n")
+ response.delete_cookie "foo", :domain => "sample.example.com"
+ response["Set-Cookie"].should.equal ["foo=; domain=.example.com;
expires=Thu, 01-Jan-1970 00:00:00 GMT",
+ "foo=;
domain=sample.example.com; expires=Thu, 01-Jan-1970 00:00:00
GMT"].join("\n")
+ end
+
specify "can do redirects" do
response = Rack::Response.new
response.redirect "/foo"
--
1.7.0.5
prev parent reply other threads:[~2010-04-29 22:13 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-15 20:48 Deleting cookies with the same name from multiple domains Zach Brock
2010-04-29 22:13 ` Ryan Tomayko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://groups.google.com/group/rack-devel
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=n2wf732822d1004291513ka1c4c24aoda8e354d37fd8e51@mail.gmail.com \
--to=rack-devel@googlegroups.com \
--cc=zbrock@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).