From ccd5ced70e48515e222b84dccc8f21d32c864dcd Mon Sep 17 00:00:00 2001 From: Armin Ronacher Date: Mon, 27 Jun 2011 09:40:45 +0200 Subject: [PATCH] Chop of ports for session cookies. This fixes #253 --- flask/app.py | 3 ++- tests/flask_tests.py | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/flask/app.py b/flask/app.py index 55f79ebb..03a0c9f1 100644 --- a/flask/app.py +++ b/flask/app.py @@ -602,7 +602,8 @@ class Flask(_PackageBoundObject): if session.permanent: expires = datetime.utcnow() + self.permanent_session_lifetime if self.config['SERVER_NAME'] is not None: - domain = '.' + self.config['SERVER_NAME'] + # chop of the port which is usually not supported by browsers + domain = '.' + self.config['SERVER_NAME'].rsplit(':', 1)[0] session.save_cookie(response, self.session_cookie_name, expires=expires, httponly=True, domain=domain) diff --git a/tests/flask_tests.py b/tests/flask_tests.py index dae687dd..ae43f93f 100644 --- a/tests/flask_tests.py +++ b/tests/flask_tests.py @@ -306,6 +306,20 @@ class BasicFunctionalityTestCase(unittest.TestCase): assert 'domain=.example.com' in rv.headers['set-cookie'].lower() assert 'httponly' in rv.headers['set-cookie'].lower() + def test_session_using_server_name_and_port(self): + app = flask.Flask(__name__) + app.config.update( + SECRET_KEY='foo', + SERVER_NAME='example.com:8080' + ) + @app.route('/') + def index(): + flask.session['testing'] = 42 + return 'Hello World' + rv = app.test_client().get('/', 'http://example.com:8080/') + assert 'domain=.example.com' in rv.headers['set-cookie'].lower() + assert 'httponly' in rv.headers['set-cookie'].lower() + def test_missing_session(self): app = flask.Flask(__name__) def expect_exception(f, *args, **kwargs):