Changed session cookie defaults to work better with google chrome

12 years ago · bfeee75696
3 changed files with 28 additions and 0 deletions
--- a/2
+++ b/2
@ -49,6 +49,8 @@ Release date to be decided.
  exception is passed through.
 - Added a workaround for chrome's cookies in localhost not working
  as intended with domain names.
+- Changed logic for picking defaults for cookie values from sessions
+  to work better with Google Chrome.

 Version 0.9
 -----------
--- a/flask/sessions.py
+++ b/flask/sessions.py
@ -193,11 +193,21 @@ class SessionInterface(object):
        if app.config['SERVER_NAME'] is not None:
            # chop of the port which is usually not supported by browsers
            rv = '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0]
+
            # Google chrome does not like cookies set to .localhost, so
            # we just go with no domain then.  Flask documents anyways that
            # cross domain cookies need a fully qualified domain name
            if rv == '.localhost':
                rv = None
+
+            # If we infer the cookie domain from the server name we need
+            # to check if we are in a subpath.  In that case we can't
+            # set a cross domain cookie.
+            if rv is not None:
+                path = self.get_cookie_path(app)
+                if path != '/':
+                    rv = rv.lstrip('.')
+
            return rv

    def get_cookie_path(self, app):
--- a/flask/testsuite/basic.py
+++ b/flask/testsuite/basic.py
@ -190,6 +190,22 @@ class BasicFunctionalityTestCase(FlaskTestCase):
        self.assert_('domain=.example.com' in rv.headers['set-cookie'].lower())
        self.assert_('httponly' in rv.headers['set-cookie'].lower())

+    def test_session_using_server_name_port_and_path(self):
+        app = flask.Flask(__name__)
+        app.config.update(
+            SECRET_KEY='foo',
+            SERVER_NAME='example.com:8080',
+            APPLICATION_ROOT='/foo'
+        )
+        @app.route('/')
+        def index():
+            flask.session['testing'] = 42
+            return 'Hello World'
+        rv = app.test_client().get('/', 'http://example.com:8080/foo')
+        self.assert_('domain=example.com' in rv.headers['set-cookie'].lower())
+        self.assert_('path=/foo' in rv.headers['set-cookie'].lower())
+        self.assert_('httponly' in rv.headers['set-cookie'].lower())
+
    def test_session_using_application_root(self):
        class PrefixPathMiddleware(object):
            def __init__(self, app, prefix):