Date: Thu, 29 Apr 2010 15:13:00 -0700
Subject: Re: Deleting cookies with the same name from multiple domains
From: Ryan Tomayko
To: rack-devel@googlegroups.com
Cc: zbrock@gmail.com

On Fri, Jan 15, 2010 at 1:48 PM, Zach Brock wrote:
> Hmm, I don't think so. The only change I made was to the filtering logic in
> Utils.delete_cookie_header!
> I'd imagine that adding same-named cookies with different domains doesn't
> work if you're using Rails though. It puts the cookies in a hash where the
> key is the cookie name, so multiple domains can't really be represented.
> Attached is a spec to show that it works as is.
> -Zach
>
> On Jan 15, 6:52 am, Ryan Tomayko wrote:
>> On Thu, Jan 7, 2010 at 10:01 PM, Zach Brock wrote:
>> > This is a fix to an issue I ran into when dealing with a single sign on
>> > system. Cookies should be unique per request by name and domain, but Rack
>> > currently only treats them as unique by name. This commit basically makes it
>> > possible to delete cookie "foo" on both www.example.com and .example.com.
>> > -Zach Brock
>>
>> I've had reports of a bug that disallows same-named cookies to be set
>> for different domains. It looks like your patch addresses this as
>> well. Can you confirm?

Applied the following to allow deleting same-named cookies on different domains.

Thanks,
Ryan

>From 55cbbc91ae0a03445dd9e0ba1830f70fbd2f4d52 Mon Sep 17 00:00:00 2001
From: Zach Brock Date: Thu, 7 Jan 2010 21:43:51 -0800 Subject: [PATCH] allow delete of cookies with same name but different domai= n Adding a spec for adding multiple cookies with the same name on different domains --- lib/rack/utils.rb | 6 +++++- test/spec_rack_response.rb | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletions(-) diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index 50bee6e..f3b1a62 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -216,7 +216,11 @@ module Rack end cookies.reject! { |cookie| - cookie =3D~ /\A#{escape(key)}=3D/ + if value[:domain] + cookie =3D~ /\A#{escape(key)}=3D.*domain=3D#{value[:domain]}/ + else + cookie =3D~ /\A#{escape(key)}=3D/ + end } header["Set-Cookie"] =3D cookies.join("\n") diff --git a/test/spec_rack_response.rb b/test/spec_rack_response.rb index 98f8289..a8d9dfe 100644 --- a/test/spec_rack_response.rb +++ b/test/spec_rack_response.rb @@ -55,6 +55,13 @@ context "Rack::Response" do response["Set-Cookie"].should.equal ["foo=3Dbar", "foo2=3Dbar2", "foo3=3Dbar3"].join("\n") end + specify "can set cookies with the same name for multiple domains" do + response =3D Rack::Response.new + response.set_cookie "foo", {:value =3D> "bar", :domain =3D> "sample.example.com"} + response.set_cookie "foo", {:value =3D> "bar", :domain =3D> ".example.= com"} + response["Set-Cookie"].should.equal ["foo=3Dbar; domain=3Dsample.example.com", "foo=3Dbar; domain=3D.example.com"].join("\n"= ) + end + specify "formats the Cookie expiration date accordingly to RFC 2109" do response =3D Rack::Response.new 
@@ -86,6 +93,18 @@ context "Rack::Response" do ].join("\n") end + specify "can delete cookies with the same name from multiple domains" do + response =3D Rack::Response.new + response.set_cookie "foo", {:value =3D> "bar", :domain =3D> "sample.example.com"} + response.set_cookie "foo", {:value =3D> "bar", :domain =3D> ".example.= com"} + response["Set-Cookie"].should.equal ["foo=3Dbar; domain=3Dsample.example.com", "foo=3Dbar; domain=3D.example.com"].join("\n"= ) + response.delete_cookie "foo", :domain =3D> ".example.com" + response["Set-Cookie"].should.equal ["foo=3Dbar; domain=3Dsample.example.com", "foo=3D; domain=3D.example.com; expires=3DThu= , 01-Jan-1970 00:00:00 GMT"].join("\n") + response.delete_cookie "foo", :domain =3D> "sample.example.com" + response["Set-Cookie"].should.equal ["foo=3D; domain=3D.example.com; expires=3DThu, 01-Jan-1970 00:00:00 GMT", + "foo=3D; domain=3Dsample.example.com; expires=3DThu, 01-Jan-1970 00:00:00 GMT"].join("\n") + end + specify "can do redirects" do response =3D Rack::Response.new response.redirect "/foo" --=20 1.7.0.5
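Review bot: In the lib/rack/utils.rb hunk, the new reject! branch interpolates value[:domain] into the regex unescaped and with nothing anchoring the end of the domain, so each dot in the domain matches any character and the pattern also matches any cookie whose domain merely begins with the given string. Deleting "foo" for example.com would also drop a pending "foo" cookie for example.com.au. Wrap the domain in Regexp.escape and require a terminator after it, for instance (;|\z), so that only the cookie for exactly that domain is rejected.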
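Review bot: The new "can set cookies with the same name for multiple domains" spec in test/spec_rack_response.rb gives both cookies the value "bar", so the assertion would still pass if the value from one set_cookie call were emitted for both domains. Use a different :value for sample.example.com and .example.com and assert that each appears with its own domain in Set-Cookie.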
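Review bot: The "can delete cookies with the same name from multiple domains" spec only calls delete_cookie with :domain, so the else branch in the lib/rack/utils.rb change is never exercised while domain-scoped cookies are pending. Add a case that sets "foo" on both domains and then calls delete_cookie "foo" without :domain, asserting the intended header, since that branch matches on name alone and rejects both pending cookies. A case where one domain is a prefix of the other would also pin down how strictly the domain is compared.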