2 files changed, 45 insertions, 9 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 0a230fed2c..7ac608f0a8 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -90,17 +90,14 @@ module ActionDispatch
       # **.**, ***.** style TLDs like co.uk or com.au
       #
       # www.example.co.uk gives:
-      # $1 => example
-      # $2 => co.uk
+      # $& => example.co.uk
       #
       # example.com gives:
-      # $1 => example
-      # $2 => com
+      # $& => example.com
       #
       # lots.of.subdomains.example.local gives:
-      # $1 => example
-      # $2 => local
-      DOMAIN_REGEXP = /([^.]*)\.([^.]*|..\...|...\...)$/
+      # $& => example.local
+      DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
 
       def self.build(request)
         secret = request.env[TOKEN_KEY]
@@ -131,10 +128,13 @@ module ActionDispatch
         options[:path] ||= "/"
 
         if options[:domain] == :all
+          # if there is a provided tld length then we use it otherwise default domain regexp
+          domain_regexp = options[:tld_length] ? /([^.]+\.?){#{options[:tld_length]}}$/ : DOMAIN_REGEXP
+
           # if host is not ip and matches domain regexp
           # (ip confirms to domain regexp so we explicitly check for ip)
-          options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ DOMAIN_REGEXP)
-            ".#{$1}.#{$2}"
+          options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ domain_regexp)
+            ".#{$&}"
           end
         elsif options[:domain].is_a? Array
           # if host matches one of the supplied domains without a dot in front of it
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index 766dbe117d..1cfea6aa12 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -95,6 +95,16 @@ class CookiesTest < ActionController::TestCase
       head :ok
     end
 
+    def set_cookie_with_domain_and_tld
+      cookies[:user_name] = {:value => "rizwanreza", :domain => :all, :tld_length => 2}
+      head :ok
+    end
+
+    def delete_cookie_with_domain_and_tld
+      cookies.delete(:user_name, :domain => :all, :tld_length => 2)
+      head :ok
+    end
+
     def set_cookie_with_domains
       cookies[:user_name] = {:value => "rizwanreza", :domain => %w(example1.com example2.com .example3.com)}
       head :ok
@@ -332,6 +342,32 @@ class CookiesTest < ActionController::TestCase
     assert_cookie_header "user_name=; domain=.nextangle.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
   end
 
+  def test_cookie_with_all_domain_option_and_tld_length
+    get :set_cookie_with_domain_and_tld
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com; path=/"
+  end
+
+  def test_cookie_with_all_domain_option_using_a_non_standard_tld_and_tld_length
+    @request.host = "two.subdomains.nextangle.local"
+    get :set_cookie_with_domain_and_tld
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+  end
+
+  def test_cookie_with_all_domain_option_using_host_with_port_and_tld_length
+    @request.host = "nextangle.local:3000"
+    get :set_cookie_with_domain_and_tld
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+  end
+
+  def test_deleting_cookie_with_all_domain_option_and_tld_length
+    get :delete_cookie_with_domain_and_tld
+    assert_response :success
+    assert_cookie_header "user_name=; domain=.nextangle.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
+  end
+
   def test_cookie_with_several_preset_domains_using_one_of_these_domains
     @request.host = "example1.com"
     get :set_cookie_with_domains