
Anonymous committed 59f2b74

Fix for #422, #412 and #289

  • Parent commits ad73b40


Files changed (1)

cherrypy/filters/sessionfilter.py

         sess.sessionTimeout = conf('session_filter.timeout', 60)
         sess.sessionLocking = conf('session_filter.locking', 'explicit')
         sess.onCreateSession = conf('session_filter.on_create_session',
-                                    lambda data: None)
+                lambda data: None)
         sess.onDeleteSession = conf('session_filter.on_delete_session',
-                                    lambda data: None)
+                lambda data: None)
+        sess.generate_session_id = conf('session_filter.on_delete_session',
+                generate_session_id)
         
         cleanUpDelay = conf('session_filter.clean_up_delay', 5)
         cleanUpDelay = datetime.timedelta(seconds = cleanUpDelay * 60)
         
         cookieName = conf('session_filter.cookie_name', 'sessionID')
+        cookieDomain = conf('session_filter.cookie_domain', None)
+        cookieSecure = conf('session_filter.cookie_secure', False)
+        cookiePath = conf('session_filter.cookie_path', None)
+
+        if cookiePath is None:
+            cookiePathHeader = conf('session_filter.cookie_path_from_header', None)
+            if cookiePathHeader is not None:
+                cookiePath = cherrypy.request.headerMap.get(cookiePathHeader, None)
+            if cookiePath is None:
+                cookiePath = '/'
+
         sess.deadlockTimeout = conf('session_filter.deadlock_timeout', 30)
         
         storage = conf('session_filter.storage_type', 'Ram')
                 sess.sessionData = data[0]
         else:
             # No sessionID yet
-            sess.sessionID = generateSessionID()
+            sess.sessionID = sess.generate_session_id()
             sess.sessionData = {'_id': sess.sessionID}
             sess.onCreateSession(sess.sessionData)
         # Set response cookie
         cookie = cherrypy.response.simpleCookie
         cookie[cookieName] = sess.sessionID
-        cookie[cookieName]['path'] = '/'
+        cookie[cookieName]['path'] = cookiePath
         cookie[cookieName]['max-age'] = sess.sessionTimeout * 60
         cookie[cookieName]['version'] = 1
+        if cookieDomain is not None:
+            cookie[cookieName]['domain'] = cookieDomain
+        if cookieSecure is True:
+            cookie[cookieName]['secure'] = 1
     
     def before_finalize(self):
         def saveData(body, sess):
             (now,))
 
 
-def generateSessionID():
+def generate_session_id():
     """ Return a new sessionID """
     return sha.new('%s' % random.random()).hexdigest()
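Review bot: The new `sess.generate_session_id` assignment reads the `session_filter.on_delete_session` key, so an application that configures a delete callback will have that callback used as the session ID generator and called with no arguments. It looks like a copy-paste of the line above and should read its own key, for example `conf('session_filter.generate_session_id', generate_session_id)`. Separately, `cookie_path_from_header` copies a request header value straight into the cookie's `path`, so unless a trusted front-end proxy sets and overwrites that header the client chooses the path; a comment such as `# header must be set by a trusted proxy; otherwise the value is client-controlled` would make that explicit. The default `generate_session_id()` still hashes `random.random()`, which is not a cryptographically secure source for session identifiers; `os.urandom` would be a safer default if the supported Python versions provide it. The enclosing method starts and ends outside the visible hunks.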