diff options
4 files changed, 47 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 562b1dba3d..967bd76025 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,7 +1,10 @@ -Rails 3.0.0 [Release Candidate] (unreleased)* +*Rails 3.0.0 [Release Candidate] (unreleased)* + +* Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 [Guillermo Álvarez] * Removed textilize, textilize_without_paragraph and markdown helpers. [Santiago Pastorino] + *Rails 3.0.0 [beta 4] (June 8th, 2010)* * Remove middleware laziness [José Valim] diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index 3e8d64b0c6..040a83f7a6 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -121,7 +121,12 @@ module ActionDispatch unless options[:expire_after].nil? cookie[:expires] = Time.now + options.delete(:expire_after) end - + + if options[:domain] == :all + top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.') + options[:domain] = ".#{top_level_domain}" + end + request = ActionDispatch::Request.new(env) set_cookie(request, cookie.merge!(options)) end diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index 92a86ee229..0fc63d026f 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -34,6 +34,14 @@ module ActionDispatch # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, # such as 'MD5', 'RIPEMD160', 'SHA256', etc. # + # * <tt>:domain</tt>: Restrict the session cookie to certain domain level. + # If you use a schema like www.example.com and wants to share session + # with user.example.com set <tt>:domain</tt> to <tt>:all</tt> + # + # :domain => nil # Does not sets cookie domain. (default) + # :domain => :all # Allow the cookie for the top most level + # domain and subdomains. + # # To generate a secret key for an existing application, run # "rake secret" and set the key in config/environment.rb. # diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index 21d11ff31c..b542824789 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -185,6 +185,35 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_session_store_with_explicit_domain + with_test_route_set(:domain => "example.es") do + get '/set_session_value' + assert_match /domain=example\.es/, headers['Set-Cookie'] + headers['Set-Cookie'] + end + end + + def test_session_store_without_domain + with_test_route_set do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_nil_domain + with_test_route_set(:domain => nil) do + get '/set_session_value' + assert_no_match /domain\=/, headers['Set-Cookie'] + end + end + + def test_session_store_with_all_domains + with_test_route_set(:domain => :all) do + get '/set_session_value' + assert_match /domain=\.example\.com/, headers['Set-Cookie'] + end + end + private # Overwrite get to send SessionSecret in env hash |