Hello,

I was checking the code for the InsecureCookiePlugin, when I found that it 
always sets the cookie for the root directory ("/"), so I'm attaching a patch 
to enable custom paths for these cookies, since they're sometimes needed.

Cheers.
-- 
Gustavo Narea.
http://gustavonarea.net/

Get rid of unethical constraints! Switch to Freedomware:
http://softwareliberty.com/
Index: repoze/who/plugins/cookie.py
===================================================================
--- repoze/who/plugins/cookie.py	(revision 1626)
+++ repoze/who/plugins/cookie.py	(working copy)
@@ -10,8 +10,9 @@
 
     implements(IIdentifier)
     
-    def __init__(self, cookie_name):
+    def __init__(self, cookie_name, cookie_path="/"):
         self.cookie_name = cookie_name
+        self.cookie_path = cookie_path
 
     # IIdentifier
     def identify(self, environ):
@@ -35,8 +36,8 @@
     # IIdentifier
     def forget(self, environ, identity):
         # return a expires Set-Cookie header
-        expired = ('%s=""; Path=/; Expires=Sun, 10-May-1971 11:59:00 GMT' %
-                   self.cookie_name)
+        expired = ('%s=""; Path=%s; Expires=Sun, 10-May-1971 11:59:00 GMT' %
+                   self.cookie_name, self.cookie_path)
         return [('Set-Cookie', expired)]
     
     # IIdentifier
@@ -48,7 +49,8 @@
         value = getattr(existing, 'value', None)
         if value != cookie_value:
             # return a Set-Cookie header
-            set_cookie = '%s=%s; Path=/;' % (self.cookie_name, cookie_value)
+            set_cookie = '%s=%s; Path=%s;' % (self.cookie_name, cookie_value,
+                                              self.cookie_path)
             return [('Set-Cookie', set_cookie)]
 
     def __repr__(self):

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to