From f99132663b2ceee56f6e02ada396a911e4e20da2 Mon Sep 17 00:00:00 2001 From: Rizwan Reza Date: Fri, 11 Jun 2010 13:30:35 +0430 Subject: [PATCH] Took out the domain option logic to cookies.rb. --- .../lib/action_dispatch/middleware/cookies.rb | 34 +++++++++++++++++-- .../middleware/session/abstract_store.rb | 12 ------- .../middleware/session/cookie_store.rb | 8 ----- 3 files changed, 32 insertions(+), 22 deletions(-) diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 87e8dd5010..0ba4bc7782 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -45,7 +45,15 @@ module ActionDispatch # * :value - The cookie's value or list of values (as an array). # * :path - The path for which this cookie applies. Defaults to the root # of the application. - # * :domain - The domain for which this cookie applies. + # * :domain - The domain for which this cookie applies so you can + # restrict to the domain level. If you use a schema like www.example.com + # and want to share session with user.example.com set :domain + # to :all + # + # :domain => nil # Does not sets cookie domain. (default) + # :domain => :all # Allow the cookie for the top most level + # domain and subdomains. + # # * :expires - The time at which this cookie expires, as a Time object. # * :secure - Whether this cookie is a only transmitted to HTTPS servers. # Default is +false+. @@ -54,13 +62,22 @@ module ActionDispatch class Cookies HTTP_HEADER = "Set-Cookie".freeze TOKEN_KEY = "action_dispatch.secret_token".freeze - + # Raised when storing more than 4K of session data. class CookieOverflow < StandardError; end class CookieJar < Hash #:nodoc: + + # This regular expression is used to split the levels of a domain + # So www.example.co.uk gives: + # $1 => www. + # $2 => example + # $3 => co.uk + DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/ + def self.build(request) secret = request.env[TOKEN_KEY] + @@host = request.env["HTTP_HOST"] new(secret).tap do |hash| hash.update(request.cookies) end @@ -70,6 +87,7 @@ module ActionDispatch @secret = secret @set_cookies = {} @delete_cookies = {} + super() end @@ -92,6 +110,12 @@ module ActionDispatch value = super(key.to_s, value) options[:path] ||= "/" + + if options[:domain] == :all + @@host =~ DOMAIN_REGEXP + options[:domain] = ".#{$2}.#{$3}" + end + @set_cookies[key] = options @delete_cookies.delete(key) value @@ -103,6 +127,12 @@ module ActionDispatch def delete(key, options = {}) options.symbolize_keys! options[:path] ||= "/" + + if options[:domain] == :all + @@host =~ DOMAIN_REGEXP + options[:domain] = ".#{$2}.#{$3}" + end + value = super(key.to_s) @delete_cookies[key] = options value diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index b03244d025..3e8d64b0c6 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -93,13 +93,6 @@ module ActionDispatch :cookie_only => true } - # This regular expression is used to split the levels of a domain: - # So www.example.co.uk gives: - # $1 => www. - # $2 => example - # $3 => co.uk - DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/ - def initialize(app, options = {}) @app = app @default_options = DEFAULT_OPTIONS.merge(options) @@ -129,11 +122,6 @@ module ActionDispatch cookie[:expires] = Time.now + options.delete(:expire_after) end - if options[:domain] == :all - env["HTTP_HOST"] =~ DOMAIN_REGEXP - options[:domain] = ".#{$2}.#{$3}" - end - request = ActionDispatch::Request.new(env) set_cookie(request, cookie.merge!(options)) end diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index 0fc63d026f..92a86ee229 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -34,14 +34,6 @@ module ActionDispatch # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, # such as 'MD5', 'RIPEMD160', 'SHA256', etc. # - # * :domain: Restrict the session cookie to certain domain level. - # If you use a schema like www.example.com and wants to share session - # with user.example.com set :domain to :all - # - # :domain => nil # Does not sets cookie domain. (default) - # :domain => :all # Allow the cookie for the top most level - # domain and subdomains. - # # To generate a secret key for an existing application, run # "rake secret" and set the key in config/environment.rb. #