colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Made session cookie path dynamic based on APP_URL

This commit is contained in:
Dan Brown 2021-03-16 13:03:07 +00:00
parent 3d0e1bc9db
commit 1420f239fc
3 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example.complete
View File

@ -73,7 +73,6 @@ SESSION_DRIVER=file
# Session configuration # Session configuration
SESSION_LIFETIME=120 SESSION_LIFETIME=120
SESSION_COOKIE_NAME=bookstack_session SESSION_COOKIE_NAME=bookstack_session
SESSION_COOKIE_PATH=/
SESSION_SECURE_COOKIE=false SESSION_SECURE_COOKIE=false
# Cache key prefix # Cache key prefix

2
app/Config/session.php
View File

@ -59,7 +59,7 @@ return [
// The session cookie path determines the path for which the cookie will // The session cookie path determines the path for which the cookie will
// be regarded as available. Typically, this will be the root path of // be regarded as available. Typically, this will be the root path of
// your application but you are free to change this when necessary. // your application but you are free to change this when necessary.
'path' => env('SESSION_COOKIE_PATH', '/'), 'path' => '/' . (explode('/', env('APP_URL', ''), 4)[3] ?? ''),
// Session Cookie Domain // Session Cookie Domain
// Here you may change the domain of the cookie used to identify a session // Here you may change the domain of the cookie used to identify a session

14
tests/Unit/ConfigTest.php
View File

@ -59,16 +59,20 @@ class ConfigTest extends TestCase
$this->assertStringNotContainsString('testing', $output); $this->assertStringNotContainsString('testing', $output);
} }
public function test_session_cookie_uses_sub_path_from_app_url()
{
$this->checkEnvConfigResult('APP_URL', 'https://example.com', 'session.path', '/');
$this->checkEnvConfigResult('APP_URL', 'https://a.com/b', 'session.path', '/b');
$this->checkEnvConfigResult('APP_URL', 'https://a.com/b/d/e', 'session.path', '/b/d/e');
$this->checkEnvConfigResult('APP_URL', '', 'session.path', '/');
}
/** /**
* Set an environment variable of the given name and value * Set an environment variable of the given name and value
* then check the given config key to see if it matches the given result. * then check the given config key to see if it matches the given result.
* Providing a null $envVal clears the variable. * Providing a null $envVal clears the variable.
* @param string $envName
* @param string|null $envVal
* @param string $configKey
* @param string $expectedResult
*/ */
protected function checkEnvConfigResult(string $envName, $envVal, string $configKey, string $expectedResult) protected function checkEnvConfigResult(string $envName, ?string $envVal, string $configKey, string $expectedResult)
{ {
$this->runWithEnv($envName, $envVal, function() use ($configKey, $expectedResult) { $this->runWithEnv($envName, $envVal, function() use ($configKey, $expectedResult) {
$this->assertEquals($expectedResult, config($configKey)); $this->assertEquals($expectedResult, config($configKey));