Permalink
Browse files

Added the APPLICATION_ROOT configuration variable which is used by se…

…ssion backends.
  • Loading branch information...
1 parent 45d963d commit c844d02f1c7558e959891de75494cffd22dc323f @mitsuhiko mitsuhiko committed Aug 25, 2011
Showing with 43 additions and 3 deletions.
  1. +1 −0 CHANGES
  2. +9 −1 docs/config.rst
  3. +1 −0 flask/app.py
  4. +10 −2 flask/sessions.py
  5. +22 −0 tests/flask_tests.py
View
@@ -32,6 +32,7 @@ Relase date to be decided, codename to be chosen.
conceptionally only instance depending and outside version control so it's
the perfect place to put configuration files etc. For more information
see :ref:`instance-folders`.
+- Added the ``APPLICATION_ROOT`` configuration variable.
Version 0.7.3
-------------
View
@@ -77,6 +77,13 @@ The following configuration values are used internally by Flask:
``SERVER_NAME`` the name and port number of the server.
Required for subdomain support (e.g.:
``'localhost:5000'``)
+``APPLICATION_ROOT`` If the application does not occupy
+ a whole domain or subdomain this can
+ be set to the path where the application
+ is configured to live. This is for
+ session cookie as path value. If
+ domains are used, this should be
+ ``None``.
``MAX_CONTENT_LENGTH`` If set to a value in bytes, Flask will
reject incoming requests with a
content length greater than this by
@@ -134,7 +141,8 @@ The following configuration values are used internally by Flask:
``PROPAGATE_EXCEPTIONS``, ``PRESERVE_CONTEXT_ON_EXCEPTION``
.. versionadded:: 0.8
- ``TRAP_BAD_REQUEST_ERRORS``, ``TRAP_HTTP_EXCEPTIONS``
+ ``TRAP_BAD_REQUEST_ERRORS``, ``TRAP_HTTP_EXCEPTIONS``,
+ ``APPLICATION_ROOT``
Configuring from Files
----------------------
View
@@ -236,6 +236,7 @@ class Flask(_PackageBoundObject):
'USE_X_SENDFILE': False,
'LOGGER_NAME': None,
'SERVER_NAME': None,
+ 'APPLICATION_ROOT': None,
'MAX_CONTENT_LENGTH': None,
'TRAP_BAD_REQUEST_ERRORS': False,
'TRAP_HTTP_EXCEPTIONS': False
View
@@ -127,6 +127,13 @@ def get_cookie_domain(self, app):
# chop of the port which is usually not supported by browsers
return '.' + app.config['SERVER_NAME'].rsplit(':', 1)[0]
+ def get_cookie_path(self, app):
+ """Returns the path for which the cookie should be valid. The
+ default implementation uses the value from the ``APPLICATION_ROOT``
+ configuration variable or uses ``/`` if it's `None`.
+ """
+ return app.config['APPLICATION_ROOT'] or '/'
+
def get_expiration_time(self, app, session):
"""A helper method that returns an expiration date for the session
or `None` if the session is linked to the browser session. The
@@ -169,9 +176,10 @@ def open_session(self, app, request):
def save_session(self, app, session, response):
expires = self.get_expiration_time(app, session)
domain = self.get_cookie_domain(app)
+ path = self.get_cookie_path(app)
if session.modified and not session:
- response.delete_cookie(app.session_cookie_name,
+ response.delete_cookie(app.session_cookie_name, path=path,
domain=domain)
else:
- session.save_cookie(response, app.session_cookie_name,
+ session.save_cookie(response, app.session_cookie_name, path=path,
expires=expires, httponly=True, domain=domain)
View
@@ -339,6 +339,28 @@ def index():
assert 'domain=.example.com' in rv.headers['set-cookie'].lower()
assert 'httponly' in rv.headers['set-cookie'].lower()
+ def test_session_using_application_root(self):
+ class PrefixPathMiddleware(object):
+ def __init__(self, app, prefix):
+ self.app = app
+ self.prefix = prefix
+ def __call__(self, environ, start_response):
+ environ['SCRIPT_NAME'] = self.prefix
+ return self.app(environ, start_response)
+
+ app = flask.Flask(__name__)
+ app.wsgi_app = PrefixPathMiddleware(app.wsgi_app, '/bar')
+ app.config.update(
+ SECRET_KEY='foo',
+ APPLICATION_ROOT='/bar'
+ )
+ @app.route('/')
+ def index():
+ flask.session['testing'] = 42
+ return 'Hello World'
+ rv = app.test_client().get('/', 'http://example.com:8080/')
+ assert 'path=/bar' in rv.headers['set-cookie'].lower()
+
def test_missing_session(self):
app = flask.Flask(__name__)
def expect_exception(f, *args, **kwargs):

0 comments on commit c844d02

Please sign in to comment.