Ensure the cookie domain and path are properly set. Fixes #3197

pull/9/head
Khushboo Vashi 2018-03-15 13:59:29 -04:00 committed by Dave Page
parent 63ba3402e8
commit 9c4edb4a28
5 changed files with 24 additions and 4 deletions


@ -32,6 +32,7 @@ from pgadmin.utils import PgAdminModule, driver
from pgadmin.utils.preferences import Preferences
from pgadmin.utils.session import create_session_interface, pga_unauthorised
from pgadmin.utils.versioned_template_loader import VersionedTemplateLoader
from pgadmin.utils.paths import get_cookie_path
# If script is running under python3, it will not have the xrange function
# defined
@ -576,7 +577,8 @@ def create_app(app_name=None):
@app.after_request
def after_request(response):
if 'key' in request.args:
response.set_cookie('PGADMIN_KEY', value=request.args['key'])
response.set_cookie('PGADMIN_KEY', value=request.args['key'],
path=get_cookie_path(), domain=request.host)
return response
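Review bot: `domain=request.host` in the new `set_cookie` call takes the cookie's Domain attribute from the client-supplied Host header, which can carry a port (`host:port`) or be a dotless name such as `localhost`, and neither is a reliable Domain value. An explicit Domain also widens the cookie from host-only to the host and its subdomains, so PGADMIN_KEY ends up scoped more loosely than if the argument were omitted. I would drop the argument and keep only the path, `response.set_cookie('PGADMIN_KEY', value=request.args['key'], path=get_cookie_path())`; the same `domain=request.host` appears in the PGADMIN_LANGUAGE calls in the `index()` and `save()` hunks. Since this cookie appears to carry an access key, `httponly=True` is worth adding if no client-side script reads it, which is not visible here. `after_request` is nested in `create_app`, whose body starts and ends outside the hunk.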


@ -37,6 +37,7 @@ from pgadmin.settings import get_setting
from pgadmin.utils import PgAdminModule
from pgadmin.utils.ajax import make_json_response
from pgadmin.utils.preferences import Preferences
from pgadmin.utils.paths import get_cookie_path
try:
import urllib.request as urlreq
@ -798,7 +799,8 @@ def index():
if user_languages:
language = user_languages.get() or 'en'
response.set_cookie("PGADMIN_LANGUAGE", language)
response.set_cookie("PGADMIN_LANGUAGE", value=language,
path=get_cookie_path(), domain=request.host)
return response


@ -21,6 +21,7 @@ from pgadmin.utils.ajax import success_return, \
make_response as ajax_response, internal_server_error
from pgadmin.utils.menu import MenuItem
from pgadmin.utils.preferences import Preferences
from pgadmin.utils.paths import get_cookie_path
MODULE_NAME = 'preferences'
@ -199,6 +200,8 @@ def save(pid):
language = user_languages.get() or language
setattr(session, 'PGADMIN_LANGUAGE', language)
response.set_cookie("PGADMIN_LANGUAGE", language)
response.set_cookie("PGADMIN_LANGUAGE", value=language,
path=get_cookie_path(),
domain=request.host)
return response


@ -11,6 +11,7 @@
import os
from flask import url_for
from flask_security import current_user, login_required
@ -75,3 +76,13 @@ def init_app(app):
'The user does not have permission to read and write to the '
'specified storage directory.'
)
def get_cookie_path():
cookie_root_path = '/'
pgadmin_root_path = url_for('browser.index')
if pgadmin_root_path != '/browser/':
cookie_root_path = pgadmin_root_path.replace(
'/browser/', ''
)
return cookie_root_path
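Review bot: `pgadmin_root_path.replace('/browser/', '')` in `get_cookie_path()` removes every occurrence of `/browser/`, not only the trailing route segment, so a deployment prefix that itself contains `/browser/` would produce a cookie path that does not match where pgAdmin is mounted. Strip only the suffix instead: `if pgadmin_root_path.endswith('/browser/'):` followed by `cookie_root_path = pgadmin_root_path[:-len('/browser/')] or '/'`. Because every cookie in this commit, including the session cookie, now depends on this value, a wrong path means the cookie is either not sent back or scoped to the wrong part of the site. The function also lacks a docstring; I would add `"""Return the URL prefix pgAdmin is mounted under, for use as the cookie Path ('/' at the root)."""` and note that `url_for` needs an active request context.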


@ -27,6 +27,7 @@ from uuid import uuid4
from flask import current_app, request, flash, redirect
from flask_login import login_url
from pgadmin.utils.ajax import make_json_response
from pgadmin.utils.paths import get_cookie_path
try:
from cPickle import dump, load
@ -291,7 +292,8 @@ class ManagedSessionInterface(SessionInterface):
response.set_cookie(
app.session_cookie_name,
'%s!%s' % (session.sid, session.hmac_digest),
expires=cookie_exp, httponly=True, domain=domain
expires=cookie_exp, httponly=True, domain=domain,
path=get_cookie_path()
)
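Review bot: Adding `path=get_cookie_path()` to the session cookie means any `delete_cookie` call for `app.session_cookie_name` must pass the same `path` and `domain`, otherwise the browser keeps the cookie after the session is cleared; such a call, if present, is outside this hunk and should be checked. Session cookies issued before this change under the default path would also remain in the browser next to the new one until they expire. The call still sets no `secure` flag, so for HTTPS deployments consider `secure=request.is_secure` or a configuration setting. The enclosing method of `ManagedSessionInterface` starts and ends outside the hunk.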