Merge pull request #2959 from minrk/cookie-path

set cookie on base_url
9 years ago · 95a52f2b86
parent f763c03d10 fea2ef258f
commit 95a52f2b86
2 changed files with 10 additions and 3 deletions
--- a/notebook/auth/login.py
+++ b/notebook/auth/login.py
@ -94,6 +94,7 @@ class LoginHandler(IPythonHandler):
        # 'secure' kwarg is passed to set_secure_cookie
        if handler.settings.get('secure_cookie', handler.request.protocol == 'https'):
            cookie_options.setdefault('secure', True)
+        cookie_options.setdefault('path', handler.base_url)
        handler.set_secure_cookie(handler.cookie_name, user_id, **cookie_options)
        return user_id

--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@ -89,10 +89,16 @@ class AuthenticatedHandler(web.RequestHandler):
                # if method is unsupported (websocket and Access-Control-Allow-Origin
                # for example, so just ignore)
                self.log.debug(e)
-    
+
    def clear_login_cookie(self):
-        self.clear_cookie(self.cookie_name)
-    
+        cookie_options = self.settings.get('cookie_options', {})
+        path = cookie_options.setdefault('path', self.base_url)
+        self.clear_cookie(self.cookie_name, path=path)
+        if path and path != '/':
+            # also clear cookie on / to ensure old cookies
+            # are cleared after the change in path behavior.
+            self.clear_cookie(self.cookie_name)
+
    def get_current_user(self):
        if self.login_handler is None:
            return 'anonymous'