Added session :root key as a shortcut to cookie path attribute

mmcgrana · c33cf82500d662c0c3f39b500b8a04c812659143 · weavejester committed Jun 9, 2010 · Jun 9, 2010 · c33cf82
1 parent ec7aff1
commit c33cf82500d662c0c3f39b500b8a04c812659143
Unified Split

Showing with 19 additions and 5 deletions.

+6 −1 ring-core/src/ring/middleware/session.clj

+13 −4 ring-core/test/ring/middleware/session_test.clj
@@ -14,6 +14,10 @@
       An implementation map containing :read, :write, and :delete
       keys. This determines how the session is stored. Defaults to
       in-memory storage.
+    :root
+      The root path of the session. Anything path above this will not
+      be able to see this session. Equivalent to setting the cookie's
+      path attribute. Defaults to \"/\".
     :cookie-name
       The name of the cookie that holds the session key. Defaults to
       \"ring-session\"
@@ -25,7 +29,8 @@
   ([handler options]
      (let [store        (options :store (memory-store))
            cookie       (options :cookie-name "ring-session")
-           cookie-attrs (options :cookie-attrs {})]
+           session-root (options :root "/")
+           cookie-attrs (merge (options :cookie-attrs) {:path session-root})]
       (wrap-cookies
         (fn [request]
           (let [sess-key (get-in request [:cookies cookie :value])
@@ -43,7 +43,7 @@
         handler (wrap-session handler {:store store})
         response (handler {:cookies {}})]
     (is (= (get-in response [:headers "Set-Cookie"])
-           ["ring-session=foo%3Abar"]))))
+           ["ring-session=foo%3Abar;Path=/"]))))
 
 (deftest session-delete-outputs-cookie
   (let [store {:read   (constantly {:foo "bar"})
@@ -52,7 +52,7 @@
         handler (wrap-session handler {:store store})
         response (handler {:cookies {"ring-session" {:value "foo:bar"}}})]
     (is (= (get-in response [:headers "Set-Cookie"])
-           ["ring-session=deleted"]))))
+           ["ring-session=deleted;Path=/"]))))
 
 (deftest session-cookie-has-attributes
   (let [store {:read (constantly {})
@@ -61,7 +61,7 @@
 	handler (wrap-session handler {:store store :cookie-attrs {:max-age 5}})
 	response (handler {:cookies {}})]
     (is (= (get-in response [:headers "Set-Cookie"])
-	   ["ring-session=foo%3Abar;Max-Age=5"]))))
+	   ["ring-session=foo%3Abar;Path=/;Max-Age=5"]))))
 
 (deftest session-does-not-clobber-response-cookies
   (let [store {:read (constantly {})
@@ -71,4 +71,13 @@
 	handler (wrap-session handler {:store store :cookie-attrs {:max-age 5}})
 	response (handler {:cookies {}})]
     (is (= (get-in response [:headers "Set-Cookie"])
-	   ["ring-session=foo%3Abar;Max-Age=5" "cookie2=value2"]))))
+	   ["ring-session=foo%3Abar;Path=/;Max-Age=5" "cookie2=value2"]))))
+
+(deftest session-root-can-be-set
+  (let [store {:read (constantly {})
+	       :write (constantly "foo:bar")}
+	handler (constantly {:session {:foo "bar"}})
+	handler (wrap-session handler {:store store, :root "/foo"})
+	response (handler {:cookies {}})]
+    (is (= (get-in response [:headers "Set-Cookie"])
+	   ["ring-session=foo%3Abar;Path=/foo"]))))