From 5920df909ef37712f6f687cddd2694992e21e532 Mon Sep 17 00:00:00 2001 From: zhangpenghao-pd Date: Fri, 18 May 2018 13:02:36 +0800 Subject: [PATCH] fix cookie bug when domain is such as 'subsubdomain.subdomain.localhost.com' Former-commit-id: 3a19ba09098cdc0f01299126d05c8d6d6387415b --- sessions/cookie.go | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/sessions/cookie.go b/sessions/cookie.go index 0d2363dd..5a0bf359 100644 --- a/sessions/cookie.go +++ b/sessions/cookie.go @@ -105,21 +105,14 @@ func formatCookieDomain(ctx context.Context, disableSubdomainPersistence bool) s } // RFC2109, we allow level 1 subdomains, but no further - // if we have localhost.com , we want the localhost.cos. + // if we have localhost.com , we want the localhost.com. // so if we have something like: mysubdomain.localhost.com we want the localhost here // if we have mysubsubdomain.mysubdomain.localhost.com we want the .mysubdomain.localhost.com here // slow things here, especially the 'replace' but this is a good and understable( I hope) way to get the be able to set cookies from subdomains & domain with 1-level limit - if dotIdx := strings.LastIndexByte(requestDomain, '.'); dotIdx > 0 { + if dotIdx := strings.IndexByte(requestDomain, '.'); dotIdx > 0 { // is mysubdomain.localhost.com || mysubsubdomain.mysubdomain.localhost.com - s := requestDomain[0:dotIdx] // set mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost - if secondDotIdx := strings.LastIndexByte(s, '.'); secondDotIdx > 0 { - //is mysubdomain.localhost || mysubsubdomain.mysubdomain.localhost - s = s[secondDotIdx+1:] // set to localhost || mysubdomain.localhost - } - // replace the s with the requestDomain before the domain's siffux - subdomainSuff := strings.LastIndexByte(requestDomain, '.') - if subdomainSuff > len(s) { // if it is actual exists as subdomain suffix - requestDomain = strings.Replace(requestDomain, requestDomain[0:subdomainSuff], s, 1) // set to localhost.com || mysubdomain.localhost.com + if strings.IndexByte(requestDomain[dotIdx+1:], '.') > 0 { + requestDomain = requestDomain[dotIdx+1:] } } // finally set the .localhost.com (for(1-level) || .mysubdomain.localhost.com (for 2-level subdomain allow)