Armin Ronacher avatar Armin Ronacher committed bfeee75

Changed session cookie defaults to work better with google chrome


Files changed (3)

   exception is passed through.
 - Added a workaround for chrome's cookies in localhost not working
   as intended with domain names.
+- Changed logic for picking defaults for cookie values from sessions
+  to work better with Google Chrome.
 
 Version 0.9
 -----------

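--- a/flask/sessions.py
+++ b/flask/sessions.py
         if app.config['SERVER_NAME'] is not None:
             # chop of the port which is usually not supported by browsers
             rv = '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0]
+
             # Google chrome does not like cookies set to .localhost, so
             # we just go with no domain then.  Flask documents anyways that
             # cross domain cookies need a fully qualified domain name
             if rv == '.localhost':
                 rv = None
+
+            # If we infer the cookie domain from the server name we need
+            # to check if we are in a subpath.  In that case we can't
+            # set a cross domain cookie.
+            if rv is not None:
+                path = self.get_cookie_path(app)
+                if path != '/':
+                    rv = rv.lstrip('.')
+
             return rv
 
     def get_cookie_path(self, app):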
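Review bot: Stripping the leading dot with `rv = rv.lstrip('.')` probably does not narrow the cookie's scope. Under RFC 6265 a leading dot in the Domain attribute is ignored, and any cookie that carries a Domain attribute is also returned to subdomains, so `Domain=example.com` and `Domain=.example.com` behave the same in conforming browsers. If the added comment ("we can't set a cross domain cookie") means the session cookie should be host-only when the app is mounted under a subpath, the attribute has to be omitted, i.e. `rv = None`, as the `.localhost` branch just above already does. The new test in flask/testsuite/basic.py asserts `domain=example.com`, so it pins the header text rather than the scoping and would have to change with it. The enclosing method starts outside this section.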

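--- a/flask/testsuite/basic.py
+++ b/flask/testsuite/basic.py
         self.assert_('domain=.example.com' in rv.headers['set-cookie'].lower())
         self.assert_('httponly' in rv.headers['set-cookie'].lower())
 
+    def test_session_using_server_name_port_and_path(self):
+        app = flask.Flask(__name__)
+        app.config.update(
+            SECRET_KEY='foo',
+            SERVER_NAME='example.com:8080',
+            APPLICATION_ROOT='/foo'
+        )
+        @app.route('/')
+        def index():
+            flask.session['testing'] = 42
+            return 'Hello World'
+        rv = app.test_client().get('/', 'http://example.com:8080/foo')
+        self.assert_('domain=example.com' in rv.headers['set-cookie'].lower())
+        self.assert_('path=/foo' in rv.headers['set-cookie'].lower())
+        self.assert_('httponly' in rv.headers['set-cookie'].lower())
+
     def test_session_using_application_root(self):
         class PrefixPathMiddleware(object):
             def __init__(self, app, prefix):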