From bfeee756967ba1f6a74a6f2f4c3c617b4c0c4245 Mon Sep 17 00:00:00 2001
From: Armin Ronacher
Date: Tue, 29 Jan 2013 19:31:45 +0000
Subject: [PATCH] Changed session cookie defaults to work better with google chrome
---
 CHANGES | 2 ++
 flask/sessions.py | 10 ++++++++++
 flask/testsuite/basic.py | 16 ++++++++++++++++
 3 files changed, 28 insertions(+)
diff --git a/CHANGES b/CHANGES
index 33013bdd9a..bbf51704a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -49,6 +49,8 @@ Release date to be decided.
 exception is passed through.
 - Added a workaround for chrome's cookies in localhost not working as intended with domain names.
+- Changed logic for picking defaults for cookie values from sessions
+ to work better with Google Chrome.
 Version 0.9
 -----------
diff --git a/flask/sessions.py b/flask/sessions.py
index ea2e999f51..4a156d3619 100644
--- a/flask/sessions.py
+++ b/flask/sessions.py
@@ -193,11 +193,21 @@ def get_cookie_domain(self, app):
 if app.config['SERVER_NAME'] is not None:
 # chop of the port which is usually not supported by browsers
 rv = '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0]
+
 # Google chrome does not like cookies set to .localhost, so
 # we just go with no domain then. Flask documents anyways that
 # cross domain cookies need a fully qualified domain name
 if rv == '.localhost':
 rv = None
+
+ # If we infer the cookie domain from the server name we need
+ # to check if we are in a subpath. In that case we can't
+ # set a cross domain cookie.
+ if rv is not None:
+ path = self.get_cookie_path(app)
+ if path != '/':
+ rv = rv.lstrip('.')
+
 return rv

 def get_cookie_path(self, app):
diff --git a/flask/testsuite/basic.py b/flask/testsuite/basic.py
index efee244a94..aaf02fcea5 100644
--- a/flask/testsuite/basic.py
+++ b/flask/testsuite/basic.py
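Review bot: Dropping the leading dot with `rv = rv.lstrip('.')` in the new `if path != '/':` branch of the flask/sessions.py hunk does not make the cookie host-only in browsers that follow RFC 6265, because a leading dot in the Domain attribute is ignored there and any Domain attribute at all makes the cookie available to subdomains of that name. If the aim stated in the added comment ("we can't set a cross domain cookie") is a session cookie limited to the serving host, the Domain attribute has to be omitted, `rv = None`, as the `.localhost` case just above already does; otherwise the session cookie still reaches sibling subdomains, which matters when those hosts are less trusted. If the dotless value is wanted only for browser compatibility, the comment should say so, e.g. `# compatibility only: a Domain without the dot is still sent to subdomains`. The body of get_cookie_domain starts above the hunk, so any earlier handling of an explicitly configured domain is not visible here.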
@@ -190,6 +190,22 @@ def index():
 self.assert_('domain=.example.com' in rv.headers['set-cookie'].lower())
 self.assert_('httponly' in rv.headers['set-cookie'].lower())

+ def test_session_using_server_name_port_and_path(self):
+ app = flask.Flask(__name__)
+ app.config.update(
+ SECRET_KEY='foo',
+ SERVER_NAME='example.com:8080',
+ APPLICATION_ROOT='/foo'
+ )
+ @app.route('/')
+ def index():
+ flask.session['testing'] = 42
+ return 'Hello World'
+ rv = app.test_client().get('/', 'http://example.com:8080/foo')
+ self.assert_('domain=example.com' in rv.headers['set-cookie'].lower())
+ self.assert_('path=/foo' in rv.headers['set-cookie'].lower())
+ self.assert_('httponly' in rv.headers['set-cookie'].lower())
+
 def test_session_using_application_root(self):
 class PrefixPathMiddleware(object):
 def __init__(self, app, prefix):
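Review bot: The new test pins `domain=example.com` without saying why the leading dot is expected to be gone, so a later reader cannot tell the assertion from a typo of the `domain=.example.com` check in the test just above it; a comment such as `# APPLICATION_ROOT is a subpath, so the domain inferred from SERVER_NAME is emitted without the leading dot` would record the intent. The checks are substring matches on the lowercased Set-Cookie header, so `'path=/foo'` would also pass for a longer path such as `/foobar`; comparing the parsed cookie attributes would be tighter. The enclosing test class starts outside the hunk.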