refactor session cookie domain logic

cache result of session cookie domain add warnings for session cookie domain issues add changelog
2017-05-13 21:31:46 -07:00 · 2017-05-13 21:31:46 -07:00 · f75ad9fca2
commit f75ad9fca2
parent c3d49e29ea
4 changed files with 106 additions and 32 deletions
--- a/tests/test_basic.py
+++ b/tests/test_basic.py
@ -351,6 +351,42 @@ def test_session_using_session_settings():
    assert 'httponly' not in cookie


+def test_session_localhost_warning(recwarn):
+    app = flask.Flask(__name__)
+    app.config.update(
+        SECRET_KEY='testing',
+        SERVER_NAME='localhost:5000',
+    )
+
+    @app.route('/')
+    def index():
+        flask.session['testing'] = 42
+        return 'testing'
+
+    rv = app.test_client().get('/', 'http://localhost:5000/')
+    assert 'domain' not in rv.headers['set-cookie'].lower()
+    w = recwarn.pop(UserWarning)
+    assert '"localhost" is not a valid cookie domain' in str(w.message)
+
+
+def test_session_ip_warning(recwarn):
+    app = flask.Flask(__name__)
+    app.config.update(
+        SECRET_KEY='testing',
+        SERVER_NAME='127.0.0.1:5000',
+    )
+
+    @app.route('/')
+    def index():
+        flask.session['testing'] = 42
+        return 'testing'
+
+    rv = app.test_client().get('/', 'http://127.0.0.1:5000/')
+    assert 'domain=127.0.0.1' in rv.headers['set-cookie'].lower()
+    w = recwarn.pop(UserWarning)
+    assert 'cookie domain is an IP' in str(w.message)
+
+
 def test_missing_session():
    app = flask.Flask(__name__)