Skip to content

Commit

Permalink
Fix to handle same_site option for session pool
Browse files Browse the repository at this point in the history
Follow up of #1543.
  • Loading branch information
kamipo authored and ioquatix committed Feb 10, 2020
1 parent a9b223b commit a0d57d4
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 1 deletion.
1 change: 1 addition & 0 deletions lib/rack/session/abstract/id.rb
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,7 @@ def initialize(app, options = {})
@default_options = self.class::DEFAULT_OPTIONS.merge(options)
@key = @default_options.delete(:key)
@cookie_only = @default_options.delete(:cookie_only)
@same_site = @default_options.delete(:same_site)
initialize_sid
end

Expand Down
1 change: 0 additions & 1 deletion lib/rack/session/cookie.rb
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,6 @@ def initialize(app, options = {})
Called from: #{caller[0]}.
MSG
@coder = options[:coder] ||= Base64::Marshal.new
@same_site = options.delete :same_site
super(app, options.merge!(cookie_only: true))
end

Expand Down
19 changes: 19 additions & 0 deletions test/spec_session_pool.rb
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,25 @@
pool.pool[session_id.public_id].must_be_nil
end

it "passes through same_site option to session pool" do
pool = Rack::Session::Pool.new(incrementor, same_site: :none)
req = Rack::MockRequest.new(pool)
res = req.get("/")
res["Set-Cookie"].must_include "SameSite=None"
end

it "allows using a lambda to specify same_site option, because some browsers require different settings" do
pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :none })
req = Rack::MockRequest.new(pool)
res = req.get("/")
res["Set-Cookie"].must_include "SameSite=None"

pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :lax })
req = Rack::MockRequest.new(pool)
res = req.get("/")
res["Set-Cookie"].must_include "SameSite=Lax"
end

# anyone know how to do this better?
it "should merge sessions when multithreaded" do
unless $DEBUG
Expand Down

0 comments on commit a0d57d4

Please sign in to comment.