Updated session middleware to allow session cookie attributes. Also f…

…ixed a bug in session middleware that would clobber response cookies. Added tests for both to session_test.clj.
mmcgrana · 30e2e900b76d113c3e7879280ee89dd434457752 · davidsantiago committed Mar 6, 2010 · Mar 6, 2010 · 30e2e90
1 parent 0591dc4
commit 30e2e900b76d113c3e7879280ee89dd434457752
Unified Split

Showing with 30 additions and 4 deletions.

+11 −4 ring-core/src/ring/middleware/session.clj

+19 −0 ring-core/test/ring/middleware/session_test.clj
@@ -16,12 +16,16 @@
       in-memory storage.
     :cookie-name
       The name of the cookie that holds the session key. Defaults to
-      \"ring-session\""
+      \"ring-session\"
+    :cookie-attrs
+      A map of attributes to associate with the session cookie. Defaults
+      to {}."
   ([handler]
     (wrap-session handler {}))
   ([handler options]
-    (let [store  (options :store (memory-store))
-          cookie (options :cookie-name "ring-session")]
+     (let [store        (options :store (memory-store))
+	   cookie       (options :cookie-name "ring-session")
+	   cookie-attrs (options :cookie-attrs {})]
       (wrap-cookies
         (fn [request]
           (let [sess-key (get-in request [:cookies cookie :value])
@@ -35,5 +39,8 @@
                                 ((store :delete) sess-key))))
                 response (dissoc response :session)]
               (if (and sess-key* (not= sess-key sess-key*))
-                (assoc response :cookies {cookie sess-key*})
+                (assoc response
+		  :cookies (merge (response :cookies)
+				  {cookie (merge cookie-attrs
+						 {:value sess-key*})}))
                 response)))))))
@@ -53,3 +53,22 @@
         response (handler {:cookies {"ring-session" {:value "foo:bar"}}})]
     (is (= (get-in response [:headers "Set-Cookie"])
            ["ring-session=\"deleted\""]))))
+
+(deftest session-cookie-has-attributes
+  (let [store {:read (constantly {})
+	       :write (constantly "foo:bar")}
+	handler (constantly {:session {:foo "bar"}})
+	handler (wrap-session handler {:store store :cookie-attrs {:max-age 5}})
+	response (handler {:cookies {}})]
+    (is (= (get-in response [:headers "Set-Cookie"])
+	   ["ring-session=\"foo:bar\";Max-Age=5"]))))
+
+(deftest session-does-not-clobber-response-cookies
+  (let [store {:read (constantly {})
+	       :write (constantly "foo:bar")}
+	handler (constantly {:session {:foo "bar"}
+			     :cookies {"cookie2" "value2"}})
+	handler (wrap-session handler {:store store :cookie-attrs {:max-age 5}})
+	response (handler {:cookies {}})]
+    (is (= (get-in response [:headers "Set-Cookie"])
+	   ["ring-session=\"foo:bar\";Max-Age=5" "cookie2=\"value2\""]))))