Add support for multi-subdomain session by setting cookie host in session...

Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved] This reverts commit 330a8907.

Add support for multi-subdomain session by setting cookie host in session...
Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved] This reverts commit 330a8907.
44830ead · Rizwan Reza · José Valim · b69a2db9 · 44830ead · 44830ead
4 changed file
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
-Rails 3.0.0 [Release Candidate] (unreleased)*
+*Rails 3.0.0 [Release Candidate] (unreleased)*
+
+* Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 [Guillermo Álvarez]

 * Removed textilize, textilize_without_paragraph and markdown helpers. [Santiago Pastorino]

+
 *Rails 3.0.0 [beta 4] (June 8th, 2010)*

 * Remove middleware laziness [José Valim]

--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -121,7 +121,12 @@ def call(env)
          unless options[:expire_after].nil?
            cookie[:expires] = Time.now + options.delete(:expire_after)
          end
-
+          
+          if options[:domain] == :all
+            top_level_domain = env["HTTP_HOST"].split('.')[-2..-1].join('.')
+            options[:domain] = ".#{top_level_domain}"
+          end
+          
          request = ActionDispatch::Request.new(env)
          set_cookie(request, cookie.merge!(options))
        end

--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -34,6 +34,14 @@ module Session
    #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
    #   such as 'MD5', 'RIPEMD160', 'SHA256', etc.
    #
+    # * <tt>:domain</tt>: Restrict the session cookie to certain domain level.
+    #   If you use a schema like www.example.com and wants to share session 
+    #   with user.example.com set <tt>:domain</tt> to <tt>:all</tt>
+    #     
+    #     :domain => nil  # Does not sets cookie domain. (default)
+    #     :domain => :all # Allow the cookie for the top most level
+    #                       domain and subdomains.
+    #
    # To generate a secret key for an existing application, run
    # "rake secret" and set the key in config/environment.rb.
    #

--- a/actionpack/test/dispatch/session/cookie_store_test.rb
+++ b/actionpack/test/dispatch/session/cookie_store_test.rb
@@ -185,6 +185,35 @@ def test_session_store_with_expire_after
    end
  end

+  def test_session_store_with_explicit_domain
+    with_test_route_set(:domain => "example.es") do
+      get '/set_session_value'
+      assert_match /domain=example\.es/, headers['Set-Cookie']
+      headers['Set-Cookie']
+    end
+  end
+  
+  def test_session_store_without_domain 
+    with_test_route_set do
+      get '/set_session_value'
+      assert_no_match /domain\=/, headers['Set-Cookie']
+    end
+  end
+  
+  def test_session_store_with_nil_domain
+    with_test_route_set(:domain => nil) do
+      get '/set_session_value'
+      assert_no_match /domain\=/, headers['Set-Cookie']
+    end
+  end
+  
+  def test_session_store_with_all_domains
+    with_test_route_set(:domain => :all) do
+      get '/set_session_value'
+      assert_match /domain=\.example\.com/, headers['Set-Cookie']
+    end
+  end
+  
  private

    # Overwrite get to send SessionSecret in env hash