Better support for multiple cookie headers

2015-04-02 16:40:14 +03:00 · 2015-04-02 16:40:14 +03:00 · 882956255a
commit 882956255a
parent c2e836bf3a
3 changed files with 9 additions and 5 deletions
--- a/yesod-core/ChangeLog.md
+++ b/yesod-core/ChangeLog.md
@ -1,3 +1,7 @@
+## 1.4.9.1
+
+* Deal better with multiple cookie headers
+
 ## 1.4.9

 * Add simple authentication helpers [#962](https://github.com/yesodweb/yesod/pull/962)
--- a/yesod-core/Yesod/Core/Class/Yesod.hs
+++ b/yesod-core/Yesod/Core/Class/Yesod.hs
@ -695,11 +695,11 @@ loadClientSession key getCachedDate sessionName req = load
    load = do
      date <- getCachedDate
      return (sess date, save date)
-    sess date = fromMaybe Map.empty $ do
-      raw <- lookup "Cookie" $ W.requestHeaders req
-      val <- lookup sessionName $ parseCookies raw
+    sess date = Map.unions $ do
+      raw <- [v | (k, v) <- W.requestHeaders req, k == "Cookie"]
+      val <- [v | (k, v) <- parseCookies raw, k == sessionName]
      let host = "" -- fixme, properly lock sessions to client address
-      decodeClientSession key date host val
+      maybe [] return $ decodeClientSession key date host val
    save date sess' = do
      -- We should never cache the IV!  Be careful!
      iv <- liftIO CS.randomIV
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@ -1,5 +1,5 @@
 name:            yesod-core
-version:         1.4.9
+version:         1.4.9.1
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>