Merge pull request #66 from ivandervisevic/fix_cookie_deleted_domain

Thank you
alex-oleshkevich · Sep 28, 2023 · a283b88 · a283b88
2 parents b002235 + ac49991
commit a283b88
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/starsessions/middleware.py b/starsessions/middleware.py
@@ -94,11 +94,15 @@ async def send_wrapper(message: Message) -> None:
                 # we have to remove the cookie and clear the storage
                 if not self.cookie_path or self.cookie_path and scope["path"].startswith(self.cookie_path):
                     headers = MutableHeaders(scope=message)
-                    header_value = "{}={}; {}".format(
-                        self.cookie_name,
-                        f"null; path={path}; expires=Thu, 01 Jan 1970 00:00:00 GMT;",
+                    header_parts = [
+                        f"{self.cookie_name}=''",
+                        f"path={path}",
+                        "expires=Thu, 01 Jan 1970 00:00:00 GMT",
                         self.security_flags,
-                    )
+                    ]
+                    if self.cookie_domain:
+                        header_parts.append(f"domain={self.cookie_domain}")
+                    header_value = "; ".join(header_parts)
                     headers.append("Set-Cookie", header_value)
                     await handler.destroy()
                 await send(message)

diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -102,6 +102,25 @@ async def app(scope: Scope, receive: Receive, send: Send) -> None:
     assert "01 Jan 1970 00:00:00 GMT" in response.headers.get("set-cookie")
 
 
+def test_send_cookie_with_domain_if_session_destroyed_and_domain_set(store: SessionStore) -> None:
+    async def app(scope: Scope, receive: Receive, send: Send) -> None:
+        connection = HTTPConnection(scope, receive)
+
+        await store.write("session_id", b'{"key2": "value2"}', lifetime=60, ttl=60)
+        await load_session(connection)
+
+        connection.session.clear()
+        response = Response("")
+        await response(scope, receive, send)
+
+    app = SessionMiddleware(app, store=store, cookie_domain="example.com")
+    client = TestClient(app)
+    response = client.get("/", cookies={"session": "session_id"})
+    assert "session" in response.headers.get("set-cookie")
+    assert "01 Jan 1970 00:00:00 GMT" in response.headers.get("set-cookie")
+    assert "domain=example.com" in response.headers["set-cookie"].lower()
+
+
 @pytest.mark.asyncio
 async def test_will_clear_storage_if_session_destroyed(store: SessionStore) -> None:
     async def app(scope: Scope, receive: Receive, send: Send) -> None: