playground
/
flask
mirror of https://github.com/mitsuhiko/flask.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

Changed session cookie defaults to work better with google chrome

pull/675/head
Armin Ronacher 12 years ago
parent
6bd0080575
commit
bfeee75696
3 changed files with 28 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      CHANGES
  2. 10
      flask/sessions.py
  3. 16
      flask/testsuite/basic.py

2
CHANGES
Unescape View File

@ -49,6 +49,8 @@ Release date to be decided.
exception is passed through. exception is passed through.
- Added a workaround for chrome's cookies in localhost not working - Added a workaround for chrome's cookies in localhost not working
as intended with domain names. as intended with domain names.
- Changed logic for picking defaults for cookie values from sessions
to work better with Google Chrome.
Version 0.9 Version 0.9
----------- -----------

10
flask/sessions.py
Unescape View File

@ -193,11 +193,21 @@ class SessionInterface(object):
if app.config['SERVER_NAME'] is not None: if app.config['SERVER_NAME'] is not None:
# chop of the port which is usually not supported by browsers # chop of the port which is usually not supported by browsers
rv = '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0] rv = '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0]
# Google chrome does not like cookies set to .localhost, so # Google chrome does not like cookies set to .localhost, so
# we just go with no domain then. Flask documents anyways that # we just go with no domain then. Flask documents anyways that
# cross domain cookies need a fully qualified domain name # cross domain cookies need a fully qualified domain name
if rv == '.localhost': if rv == '.localhost':
rv = None rv = None
# If we infer the cookie domain from the server name we need
# to check if we are in a subpath. In that case we can't
# set a cross domain cookie.
if rv is not None:
path = self.get_cookie_path(app)
if path != '/':
rv = rv.lstrip('.')
return rv return rv
def get_cookie_path(self, app): def get_cookie_path(self, app):

16
flask/testsuite/basic.py
Unescape View File

@ -190,6 +190,22 @@ class BasicFunctionalityTestCase(FlaskTestCase):
self.assert_('domain=.example.com' in rv.headers['set-cookie'].lower()) self.assert_('domain=.example.com' in rv.headers['set-cookie'].lower())
self.assert_('httponly' in rv.headers['set-cookie'].lower()) self.assert_('httponly' in rv.headers['set-cookie'].lower())
def test_session_using_server_name_port_and_path(self):
app = flask.Flask(__name__)
app.config.update(
SECRET_KEY='foo',
SERVER_NAME='example.com:8080',
APPLICATION_ROOT='/foo'
)
@app.route('/')
def index():
flask.session['testing'] = 42
return 'Hello World'
rv = app.test_client().get('/', 'http://example.com:8080/foo')
self.assert_('domain=example.com' in rv.headers['set-cookie'].lower())
self.assert_('path=/foo' in rv.headers['set-cookie'].lower())
self.assert_('httponly' in rv.headers['set-cookie'].lower())
def test_session_using_application_root(self): def test_session_using_application_root(self):
class PrefixPathMiddleware(object): class PrefixPathMiddleware(object):
def __init__(self, app, prefix): def __init__(self, app, prefix):

Write Preview
Loading…
Cancel
Save