diff options
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/cookies.rb')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 87e8dd5010..d69ba39728 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -45,7 +45,16 @@ module ActionDispatch # * <tt>:value</tt> - The cookie's value or list of values (as an array). # * <tt>:path</tt> - The path for which this cookie applies. Defaults to the root # of the application. - # * <tt>:domain</tt> - The domain for which this cookie applies. + # * <tt>:domain</tt> - The domain for which this cookie applies so you can + # restrict to the domain level. If you use a schema like www.example.com + # and want to share session with user.example.com set <tt>:domain</tt> + # to <tt>:all</tt>. Make sure to specify the <tt>:domain</tt> option with + # <tt>:all</tt> again when deleting keys. + # + # :domain => nil # Does not sets cookie domain. (default) + # :domain => :all # Allow the cookie for the top most level + # domain and subdomains. + # # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object. # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers. # Default is +false+. @@ -54,22 +63,34 @@ module ActionDispatch class Cookies HTTP_HEADER = "Set-Cookie".freeze TOKEN_KEY = "action_dispatch.secret_token".freeze - + # Raised when storing more than 4K of session data. class CookieOverflow < StandardError; end class CookieJar < Hash #:nodoc: + + # This regular expression is used to split the levels of a domain + # So www.example.co.uk gives: + # $1 => www. + # $2 => example + # $3 => co.uk + DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/ + def self.build(request) secret = request.env[TOKEN_KEY] - new(secret).tap do |hash| + host = request.env["HTTP_HOST"] + + new(secret, host).tap do |hash| hash.update(request.cookies) end end - def initialize(secret=nil) + def initialize(secret = nil, host = nil) @secret = secret @set_cookies = {} @delete_cookies = {} + @host = host + super() end @@ -78,6 +99,15 @@ module ActionDispatch super(name.to_s) end + def handle_options(options) #:nodoc: + options[:path] ||= "/" + + if options[:domain] == :all + @host =~ DOMAIN_REGEXP + options[:domain] = ".#{$2}.#{$3}" + end + end + # Sets the cookie named +name+. The second argument may be the very cookie # value, or a hash of options as documented above. def []=(key, options) @@ -91,7 +121,8 @@ module ActionDispatch value = super(key.to_s, value) - options[:path] ||= "/" + handle_options(options) + @set_cookies[key] = options @delete_cookies.delete(key) value @@ -102,7 +133,9 @@ module ActionDispatch # an options hash to delete cookies with extra data such as a <tt>:path</tt>. def delete(key, options = {}) options.symbolize_keys! - options[:path] ||= "/" + + handle_options(options) + value = super(key.to_s) @delete_cookies[key] = options value |