From 841bb7147d3b6a391fd93bbfe5c566adb5244b60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillermo=20A=CC=81lvarez?= Date: Thu, 10 Jun 2010 11:41:32 +0200 Subject: [PATCH] Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved] --- .../middleware/session/abstract_store.rb | 7 ++++- .../middleware/session/cookie_store.rb | 8 +++++ .../test/dispatch/session/cookie_store_test.rb | 29 ++++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletions(-) diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index 3e8d64b..040a83f 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -121,7 +121,12 @@ module ActionDispatch unless options[:expire_after].nil? cookie[:expires] = Time.now + options.delete(:expire_after) end - + + if options[:domain] == :all + top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.') + options[:domain] = ".#{top_level_domain}" + end + request = ActionDispatch::Request.new(env) set_cookie(request, cookie.merge!(options)) end diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index 92a86ee..0fc63d0 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -34,6 +34,14 @@ module ActionDispatch # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, # such as 'MD5', 'RIPEMD160', 'SHA256', etc. # + # * :domain: Restrict the session cookie to certain domain level. + # If you use a schema like www.example.com and wants to share session + # with user.example.com set :domain to :all + # + # :domain => nil # Does not sets cookie domain. (default) + # :domain => :all # Allow the cookie for the top most level + # domain and subdomains. + # # To generate a secret key for an existing application, run # "rake secret" and set the key in config/environment.rb. # diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index 21d11ff..b542824 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -185,6 +185,35 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_session_store_with_explicit_domain + with_test_route_set(:domain => "example.es") do + get '/set_session_value' + assert_match /domain=example\.es/, headers['Set-Cookie'] + headers['Set-Cookie'] + end + end + + def test_session_store_without_domain + with_test_route_set do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_nil_domain + with_test_route_set(:domain => nil) do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_all_domains + with_test_route_set(:domain => :all) do + get '/set_session_value' + assert_match /domain=\.example\.com/, headers['Set-Cookie'] + end + end + private # Overwrite get to send SessionSecret in env hash -- 1.7.0.3