author | Michal Bryxí <michal.bryxi@gmail.com> | 2014-06-12 23:37:19 +0200 |
---|---|---|
committer | Michal Bryxí <michal.bryxi@gmail.com> | 2014-06-12 23:37:19 +0200 |
commit | 241ce2d1338fda38fc229e18244af9c51430a51f (patch) | |
tree | 7d4a9eb4df5efbe794258fdc53434591813ab8b2 | |
parent | 93e7d7a9bec530b01c72d8f87761e9e2929d2f8c (diff) | |
download | rack-241ce2d1338fda38fc229e18244af9c51430a51f.tar.gz |
max-age settings forces Set-Cookie parameter
With patch https://github.com/rack/rack/commit/74e0acd36353cf619bf56fce17bcb9ef1ab30547, there is ability on rack to set max-age parameter. Which is fine. Unfortunately this parameter is sent to browser only when the session cookie is created. Which is afaik wrong. You usually want to refresh the cookie with each page request. And setting 'expires' parameter behaves in this way as well.

So this patch does:
1) When max-age parameter is present, the Set-Cookie HTTP header is sent with each request
2) When both max-age and expires parameter are set, max-age has precedence
3) Added max-age conversion to string where applicable, because user might not want to use string for "time interval"
-rw-r--r-- | lib/rack/session/abstract/id.rb | 4 |
-rw-r--r-- | lib/rack/utils.rb | 6 |
2 files changed, 6 insertions, 4 deletions
diff --git a/lib/rack/session/abstract/id.rb b/lib/rack/session/abstract/id.rb index e9edeb7f..dfad56a7 100644 --- a/lib/rack/session/abstract/id.rb +++ b/lib/rack/session/abstract/id.rb @@ -310,7 +310,8 @@ module Rack end def force_options?(options) - options.values_at(:renew, :drop, :defer, :expire_after).any? +return true + options.values_at(:max_age, :renew, :drop, :defer, :expire_after).any? end def security_matches?(env, options) @@ -347,6 +348,7 @@ module Rack cookie = Hash.new cookie[:value] = data cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after] + cookie[:expires] = Time.now + options[:max_age] if options[:max_age] set_cookie(env, headers, cookie.merge!(options)) end diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index 6c2bf907..61b10f44 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -247,9 +247,9 @@ module Rack def set_cookie_header!(header, key, value) case value when Hash - domain = "; domain=" + value[:domain] if value[:domain] - path = "; path=" + value[:path] if value[:path] - max_age = "; max-age=" + value[:max_age] if value[:max_age] + domain = "; domain=" + value[:domain] if value[:domain] + path = "; path=" + value[:path] if value[:path] + max_age = "; max-age=" + value[:max_age].to_s if value[:max_age] # There is an RFC mess in the area of date formatting for Cookies. Not # only are there contradicting RFCs and examples within RFC text, but # there are also numerous conflicting names of fields and partially |
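Review bot: in force_options? (lib/rack/session/abstract/id.rb, first hunk) the added `return true` runs before the `values_at` check, so the method is now unconditionally true and the new `:max_age` entry on the next line is never evaluated. Whatever callers gate on force_options? therefore happens for every configuration, not only when max_age is set as the commit message describes. This looks like a leftover debugging line; drop it and keep only the `:max_age` addition to the `values_at` list.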
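Review bot: the new `cookie[:expires] = Time.now + options[:max_age]` line in the second id.rb hunk requires a numeric max_age, while the pre-patch code in lib/rack/utils.rb concatenated `value[:max_age]` straight onto a string, so existing callers may be passing a String, and Time + String raises TypeError. Coerce once before the arithmetic, for example with `Integer(options[:max_age])`, or state in the option's documentation that it must be a number of seconds. Because this assignment follows the expire_after one it overrides expire_after when both are set; that matches the commit message, but a short comment here would record the intent, and the diffstat shows no test covering either case.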
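Review bot: in set_cookie_header! (lib/rack/utils.rb) the `.to_s` on `value[:max_age]` accepts any object, so a Float such as 3600.0 is written as `max-age=3600.0`, which is not a valid Max-Age value under RFC 6265 (digits only). Converting with `Integer(value[:max_age]).to_s` would reject non-integral input instead of emitting it into the header. The `domain` and `path` lines differ only in whitespace; leaving them unchanged would keep the hunk down to the one functional change.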