Module: SafeCookies::CookiePathFix

Included in:
Middleware
Defined in:
lib/safe_cookies/cookie_path_fix.rb

Instance Method Summary

Instance Method Details

#delete_cookies_on_bad_path ⇒ Object

Previously, the SafeCookies gem did not set a path when rewriting cookies. Browsers would then assume and store the current “directory” as the cookie path (see below), leading to multiple cookies per domain.

If the cookies were secured before the configured datetime, this method instructs the client to delete every cookie it sent with the request that we are able to rewrite, plus the SECURED_COOKIE_NAME helper cookie.

The middleware still sees the request cookies and will rewrite them as if it hadn’t seen them before, setting them on the correct path (root, by default).



# File 'lib/safe_cookies/cookie_path_fix.rb', line 15

def delete_cookies_on_bad_path
  rewritable_request_cookies.keys.each &method(:delete_cookie_for_current_directory)
  delete_cookie_for_current_directory(SafeCookies::SECURED_COOKIE_NAME)

  # Delete this cookie here, so the middleware believes it hasn't secured
  # the cookies yet.
  @request.cookies.delete(SafeCookies::SECURED_COOKIE_NAME)
end
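
What the “current directory” means to a browser, as an added example (not SafeCookies code; the helper names and the layout of the deletion header are assumptions): RFC 6265's default-path rule for a cookie set without a Path attribute, and the expiring header that has to name that same path before the browser drops the stray copy.

```ruby
# Added example, not SafeCookies code; helper names are hypothetical.
require 'time'

# RFC 6265, section 5.1.4: the default-path a browser stores when a
# Set-Cookie header carries no Path attribute.
def default_cookie_path(request_path)
  return '/' if request_path.nil? || !request_path.start_with?('/')
  last_slash = request_path.rindex('/')
  return '/' if last_slash.zero? # "/" or "/page": a single slash
  request_path[0...last_slash]   # drop everything from the last slash on
end

# RFC 6265 path-match: is a cookie stored on cookie_path sent along with a
# request for request_path?
def path_match?(cookie_path, request_path)
  return true if cookie_path == request_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?('/') || request_path[cookie_path.length] == '/'
end

# A browser replaces a stored cookie only when name, domain and path all
# match, so the expiring header must name the directory it was stored on.
# (Header layout is an assumption, not copied from the gem.)
def deletion_header(name, request_path)
  expired = Time.at(0).utc.httpdate
  "#{name}=; path=#{default_cookie_path(request_path)}; expires=#{expired}"
end

# Constructed request paths: each distinct directory ends up holding its
# own copy of a cookie that was rewritten without a Path attribute.
def stored_cookie_paths(request_paths)
  request_paths.map { |path| default_cookie_path(path) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  paths = ['/', '/login', '/admin/users/1', '/admin/users/2', '/shop/cart/']
  p stored_cookie_paths(paths)
  puts deletion_header('session', '/admin/users/1')
end
```

A cookie stored on `/admin/users` is still sent for `/admin/users/2`, which is why the middleware sees it in the request and can expire it on that directory before rewriting it on the root path.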