play framework

can not add domain attribute in cookie

Bug #478890 reported by Bin Li
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
play framework
Status tracked in 1.0
1.0
Fix Released
Undecided
Unassigned
play framework 1.0.1
1.1
Fix Committed
Undecided
Unassigned
play framework 1.1

Bug Description

In HttpHandler.java
                        DefaultCookie c = new DefaultCookie
(cookie.name, cookie.value);
                        c.setSecure(cookie.secure);
                        c.setPath(cookie.path);
                        response.addCookie(c);

The domain attribute of cookie is missing.

http://groups.google.com/group/play-framework/browse_thread/thread/758697387982daff/d165ea56731c1d10?lnk=gst&q=cookie#d165ea56731c1d10

Guillaume Bort (guillaume-bort)
Changed in play:
status: New → Fix Committed
Revision history for this message
cunghi (phatdoanh24) wrote :

I have viewed the 1.1 source code revision 667 and it seems that the
bug 478890 is not fixed completely

In HttpHandler, the following source code has setDomain to low layer
server based on Play Framework cookie.domain

            if (cookie.domain != null) {

                c.setDomain(cookie.domain);

            }

However, application developers cannot use the the cross domain
because the following source in Http.java doesn't support setting domain
for Play Framework cookie

The Play Framework needs to fix flash and session objects also because these objects based on Play Framework Cookie

Thanks,
CungHi

Changed in play:
status: Fix Committed → Incomplete
Guillaume Bort (guillaume-bort)
Changed in play:
status: Incomplete → Fix Committed
cunghi (phatdoanh24)
Changed in play:
status: Fix Committed → Incomplete
Revision history for this message
cunghi (phatdoanh24) wrote :

The flash and session objects are created new for each subdomain.
With standard java servlet API, the session is implements in server via sessionID in cookie, so it is easy for java servlet API to share session between subdomain in the same web app.
Play Framework session and flash are implemented via Cookies, to implement share session between subdomain, it may requires to call in Play Framework API. It is good if Play Framework provide transparently session sharing between subdomain

Currently, I will try the cross domain cookie in the lastest patch and will provide testing result soon

Revision history for this message
Guillaume Bort (guillaume-bort) wrote : Re: [Bug 478890] Re: can not add domain attribute in cookie

This bug was about the ability to set the domain attribute on cookies.
So it is fixed. Please fill another bug about the Session cookie
domain configuration.

On Wed, Nov 18, 2009 at 7:51 PM, cunghi <email address hidden> wrote:
> The flash and session objects are created new for each subdomain.
> With standard java servlet API, the session is implements in server via sessionID in cookie, so it is easy for java servlet API to share session between subdomain in the same web app.
> Play Framework session and flash are implemented via Cookies, to implement share session between subdomain, it may requires to call in Play Framework API. It is good if Play Framework provide transparently session sharing between subdomain
>
> Currently, I will try the cross domain cookie in the lastest patch and
> will provide testing result soon
>
> --
>  can not add domain attribute in cookie
> https://bugs.launchpad.net/bugs/478890
> You received this bug notification because you are a member of play
> framework developers, which is subscribed to play framework.
>

Changed in play:
status: Incomplete → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.