diff options
author | Rizwan Reza <rizwanreza@gmail.com> | 2010-06-11 10:25:39 +0430 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-06-11 16:34:52 +0200 |
commit | 44830ead1c88e1c45124133ce3e2ed9f890f42de (patch) | |
tree | 60e3ca7b619395cbd9c16c15c43606ae2b81e37d | |
parent | b69a2db952497473aacef29ea8c85973e634048f (diff) | |
download | rails-44830ead1c88e1c45124133ce3e2ed9f890f42de.tar.gz rails-44830ead1c88e1c45124133ce3e2ed9f890f42de.tar.bz2 rails-44830ead1c88e1c45124133ce3e2ed9f890f42de.zip |
Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved]
This reverts commit 330a89072a493aafef1e07c3558964477f85adf0.
4 files changed, 47 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 562b1dba3d..967bd76025 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,7 +1,10 @@ -Rails 3.0.0 [Release Candidate] (unreleased)* +*Rails 3.0.0 [Release Candidate] (unreleased)* + +* Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 [Guillermo Álvarez] * Removed textilize, textilize_without_paragraph and markdown helpers. [Santiago Pastorino] + *Rails 3.0.0 [beta 4] (June 8th, 2010)* * Remove middleware laziness [José Valim] diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index 3e8d64b0c6..040a83f7a6 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -121,7 +121,12 @@ module ActionDispatch unless options[:expire_after].nil? cookie[:expires] = Time.now + options.delete(:expire_after) end - + + if options[:domain] == :all + top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.') + options[:domain] = ".#{top_level_domain}" + end + request = ActionDispatch::Request.new(env) set_cookie(request, cookie.merge!(options)) end diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index 92a86ee229..0fc63d026f 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -34,6 +34,14 @@ module ActionDispatch # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, # such as 'MD5', 'RIPEMD160', 'SHA256', etc. # + # * <tt>:domain</tt>: Restrict the session cookie to certain domain level. + # If you use a schema like www.example.com and wants to share session + # with user.example.com set <tt>:domain</tt> to <tt>:all</tt> + # + # :domain => nil # Does not sets cookie domain. (default) + # :domain => :all # Allow the cookie for the top most level + # domain and subdomains. + # # To generate a secret key for an existing application, run # "rake secret" and set the key in config/environment.rb. # diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index 21d11ff31c..b542824789 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -185,6 +185,35 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_session_store_with_explicit_domain + with_test_route_set(:domain => "example.es") do + get '/set_session_value' + assert_match /domain=example\.es/, headers['Set-Cookie'] + headers['Set-Cookie'] + end + end + + def test_session_store_without_domain + with_test_route_set do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_nil_domain + with_test_route_set(:domain => nil) do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_all_domains + with_test_route_set(:domain => :all) do + get '/set_session_value' + assert_match /domain=\.example\.com/, headers['Set-Cookie'] + end + end + private # Overwrite get to send SessionSecret in env hash |