diff options
author | Edouard CHIN <edouard.chin@shopify.com> | 2019-02-01 16:00:33 -0500 |
---|---|---|
committer | Edouard CHIN <edouard.chin@shopify.com> | 2019-02-04 14:25:17 +0100 |
commit | 5c668309122e708f304aad959b6328bcaf586e31 (patch) | |
tree | 3d1c11e6b41ad0881c8fcf1ede0bba1ec5924346 /actionpack | |
parent | caf8dbc1591c64ae4fd9253a714903710f46f7ce (diff) | |
download | rails-5c668309122e708f304aad959b6328bcaf586e31.tar.gz rails-5c668309122e708f304aad959b6328bcaf586e31.tar.bz2 rails-5c668309122e708f304aad959b6328bcaf586e31.zip |
Cookie doesn't expire anymore unless a flag is set:
- There is a regression in 6.0 introduced by #32937 where cookie
doesn't expire anymore unless the new `use_cookies_with_metadata`
configuration is set to `true`.
This causes issue for app migration from 5.2 to 6.0 because the
`use_cookies_with_metadata` flag can't be set to true until all
servers are running on 6.0.
Here is a small reproduction script that you can run in the console
```ruby
ActionDispatch::Cookies
request = ActionDispatch::Request.empty
request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new('1234567890')
request.env["action_dispatch.signed_cookie_salt"] = 'signed cookie'
request.env["action_dispatch.cookies_rotations"] = ActiveSupport::Messages::RotationConfiguration.new
request.env["action_dispatch.use_authenticated_cookie_encryption"] = true
signed_cookie = request.cookie_jar.signed
signed_cookie[:foobar] = { value: '123', expires: 1.day.ago }
p signed_cookie[:foobar]
```
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 9 | ||||
-rw-r--r-- | actionpack/test/dispatch/cookies_test.rb | 11 |
2 files changed, 4 insertions, 16 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index cb28baa229..1611a8b3dd 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -488,13 +488,8 @@ module ActionDispatch end def cookie_metadata(name, options) - if request.use_cookies_with_metadata - metadata = expiry_options(options) - metadata[:purpose] = "cookie.#{name}" - - metadata - else - {} + expiry_options(options).tap do |metadata| + metadata[:purpose] = "cookie.#{name}" if request.use_cookies_with_metadata end end diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index 8f9dbaf4b3..4aaac1320e 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -1193,11 +1193,7 @@ class CookiesTest < ActionController::TestCase get :encrypted_discount_and_user_id_cookie travel 2.hours - assert_equal 50, cookies.encrypted[:user_id] - - cookies[:discount_percentage] = cookies[:user_id] - assert_not_equal 10, cookies.encrypted[:discount_percentage] - assert_equal 50, cookies.encrypted[:discount_percentage] + assert_nil cookies.signed[:user_id] end def test_switch_off_metadata_for_signed_cookies_if_config_is_false @@ -1206,11 +1202,8 @@ class CookiesTest < ActionController::TestCase get :signed_discount_and_user_id_cookie travel 2.hours - assert_equal 50, cookies.signed[:user_id] - cookies[:discount_percentage] = cookies[:user_id] - assert_not_equal 10, cookies.signed[:discount_percentage] - assert_equal 50, cookies.signed[:discount_percentage] + assert_nil cookies.signed[:user_id] end def test_read_rails_5_2_stable_encrypted_cookies_if_config_is_false |