Ensure the cookie domain and path are properly set. Fixes #3197

2018-03-15 13:59:29 -04:00 · 2018-03-15 13:59:29 -04:00 · 9c4edb4a28
parent 63ba3402e8
commit 9c4edb4a28
5 changed files with 24 additions and 4 deletions
--- a/web/pgadmin/init.py
+++ b/web/pgadmin/init.py
@ -32,6 +32,7 @@ from pgadmin.utils import PgAdminModule, driver
 from pgadmin.utils.preferences import Preferences
 from pgadmin.utils.session import create_session_interface, pga_unauthorised
 from pgadmin.utils.versioned_template_loader import VersionedTemplateLoader
+from pgadmin.utils.paths import get_cookie_path

 # If script is running under python3, it will not have the xrange function
 # defined
@ -576,7 +577,8 @@ def create_app(app_name=None):
    @app.after_request
    def after_request(response):
        if 'key' in request.args:
-            response.set_cookie('PGADMIN_KEY', value=request.args['key'])
+            response.set_cookie('PGADMIN_KEY', value=request.args['key'],
+                                path=get_cookie_path(), domain=request.host)

        return response

--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -37,6 +37,7 @@ from pgadmin.settings import get_setting
 from pgadmin.utils import PgAdminModule
 from pgadmin.utils.ajax import make_json_response
 from pgadmin.utils.preferences import Preferences
+from pgadmin.utils.paths import get_cookie_path

 try:
    import urllib.request as urlreq
@ -798,7 +799,8 @@ def index():
    if user_languages:
        language = user_languages.get() or 'en'

-    response.set_cookie("PGADMIN_LANGUAGE", language)
+    response.set_cookie("PGADMIN_LANGUAGE", value=language,
+                        path=get_cookie_path(), domain=request.host)

    return response

--- a/web/pgadmin/preferences/init.py
+++ b/web/pgadmin/preferences/init.py
@ -21,6 +21,7 @@ from pgadmin.utils.ajax import success_return, \
    make_response as ajax_response, internal_server_error
 from pgadmin.utils.menu import MenuItem
 from pgadmin.utils.preferences import Preferences
+from pgadmin.utils.paths import get_cookie_path

 MODULE_NAME = 'preferences'

@ -199,6 +200,8 @@ def save(pid):
        language = user_languages.get() or language

    setattr(session, 'PGADMIN_LANGUAGE', language)
-    response.set_cookie("PGADMIN_LANGUAGE", language)
+    response.set_cookie("PGADMIN_LANGUAGE", value=language,
+                        path=get_cookie_path(),
+                        domain=request.host)

    return response
--- a/web/pgadmin/utils/paths.py
+++ b/web/pgadmin/utils/paths.py
@ -11,6 +11,7 @@

 import os

+from flask import url_for
 from flask_security import current_user, login_required


@ -75,3 +76,13 @@ def init_app(app):
            'The user does not have permission to read and write to the '
            'specified storage directory.'
        )
+
+
+def get_cookie_path():
+    cookie_root_path = '/'
+    pgadmin_root_path = url_for('browser.index')
+    if pgadmin_root_path != '/browser/':
+        cookie_root_path = pgadmin_root_path.replace(
+            '/browser/', ''
+        )
+    return cookie_root_path
--- a/web/pgadmin/utils/session.py
+++ b/web/pgadmin/utils/session.py
@ -27,6 +27,7 @@ from uuid import uuid4
 from flask import current_app, request, flash, redirect
 from flask_login import login_url
 from pgadmin.utils.ajax import make_json_response
+from pgadmin.utils.paths import get_cookie_path

 try:
    from cPickle import dump, load
@ -291,7 +292,8 @@ class ManagedSessionInterface(SessionInterface):
        response.set_cookie(
            app.session_cookie_name,
            '%s!%s' % (session.sid, session.hmac_digest),
-            expires=cookie_exp, httponly=True, domain=domain
+            expires=cookie_exp, httponly=True, domain=domain,
+            path=get_cookie_path()
        )