From da514b398429653dbd368c6da48c9863d3c2632f Mon Sep 17 00:00:00 2001
From: Armin Ronacher
Date: Tue, 6 Jul 2010 10:42:36 +0200
Subject: [PATCH] Respect the domain for the session cookie. This fixes #79
---
 flask/app.py | 7 +++++--
 tests/flask_tests.py | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/flask/app.py b/flask/app.py
index e5691edd..0bdce818 100644
--- a/flask/app.py
+++ b/flask/app.py
@@ -420,11 +420,14 @@ class Flask(_PackageBoundObject):
 object)
 :param response: an instance of :attr:`response_class`
 """
- expires = None
+ expires = domain = None
 if session.permanent:
 expires = datetime.utcnow() + self.permanent_session_lifetime
+ if self.config['SERVER_NAME'] is not None:
+ domain = '.' + self.config['SERVER_NAME']
 session.save_cookie(response, self.session_cookie_name,
- expires=expires, httponly=True)
+ expires=expires, httponly=True,
+ domain=domain)

 def register_module(self, module, **options):
 """Registers a module with this application. The keyword argument
diff --git a/tests/flask_tests.py b/tests/flask_tests.py
index 129ec3b2..1da3b23c 100644
--- a/tests/flask_tests.py
+++ b/tests/flask_tests.py
@@ -172,6 +172,20 @@ class BasicFunctionalityTestCase(unittest.TestCase):
 assert c.post('/set', data={'value': '42'}).data == 'value set'
 assert c.get('/get').data == '42'

+ def test_session_using_server_name(self):
+ app = flask.Flask(__name__)
+ app.config.update(
+ SECRET_KEY='foo',
+ SERVER_NAME='example.com'
+ )
+ @app.route('/')
+ def index():
+ flask.session['testing'] = 42
+ return 'Hello World'
+ rv = app.test_client().get('/', 'http://example.com/')
+ assert 'domain=.example.com' in rv.headers['set-cookie'].lower()
+ assert 'httponly' in rv.headers['set-cookie'].lower()
+
 def test_missing_session(self):
 app = flask.Flask(__name__)
 def expect_exception(f, *args, **kwargs):
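Review bot: `domain = '.' + self.config['SERVER_NAME']` copies SERVER_NAME into the cookie's Domain attribute unchanged, so a value that includes a port (a constructed example: `example.com:5000`) would produce a Domain that browsers will most likely not match against the request host, and the session cookie would be dropped. Strip the port before prefixing the dot: `domain = '.' + self.config['SERVER_NAME'].rsplit(':', 1)[0]`. The leading dot also widens the cookie from host-only to every subdomain of SERVER_NAME, so content served from any subdomain receives the session cookie; a comment on that line such as `# NOTE: scopes the session cookie to all subdomains of SERVER_NAME` would make the trade-off visible. The method's signature and the start of its docstring are outside the hunk.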
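Review bot: `test_session_using_server_name` pins only the case where SERVER_NAME is a bare hostname; nothing asserts that the cookie stays host-only (no `domain=` in `Set-Cookie`) when SERVER_NAME is left unset, which is the narrower scope that applications without SERVER_NAME had before this change. A second test that builds the app without SERVER_NAME and checks `'domain=' not in rv.headers['set-cookie'].lower()` would guard that default. A case with a port in SERVER_NAME would also document what the Domain attribute looks like then.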