From 882956255a2f5e6141bb34c50461d743843c42ee Mon Sep 17 00:00:00 2001 From: Michael Snoyman Date: Thu, 2 Apr 2015 16:40:14 +0300 Subject: [PATCH] Better support for multiple cookie headers --- yesod-core/ChangeLog.md | 4 ++++ yesod-core/Yesod/Core/Class/Yesod.hs | 8 ++++---- yesod-core/yesod-core.cabal | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md index 30b30cfe..d112543b 100644 --- a/yesod-core/ChangeLog.md +++ b/yesod-core/ChangeLog.md @@ -1,3 +1,7 @@ +## 1.4.9.1 + +* Deal better with multiple cookie headers + ## 1.4.9 * Add simple authentication helpers [#962](https://github.com/yesodweb/yesod/pull/962) diff --git a/yesod-core/Yesod/Core/Class/Yesod.hs b/yesod-core/Yesod/Core/Class/Yesod.hs index ba1bda67..c2e707a1 100644 --- a/yesod-core/Yesod/Core/Class/Yesod.hs +++ b/yesod-core/Yesod/Core/Class/Yesod.hs @@ -695,11 +695,11 @@ loadClientSession key getCachedDate sessionName req = load load = do date <- getCachedDate return (sess date, save date) - sess date = fromMaybe Map.empty $ do - raw <- lookup "Cookie" $ W.requestHeaders req - val <- lookup sessionName $ parseCookies raw + sess date = Map.unions $ do + raw <- [v | (k, v) <- W.requestHeaders req, k == "Cookie"] + val <- [v | (k, v) <- parseCookies raw, k == sessionName] let host = "" -- fixme, properly lock sessions to client address - decodeClientSession key date host val + maybe [] return $ decodeClientSession key date host val save date sess' = do -- We should never cache the IV! Be careful! iv <- liftIO CS.randomIV diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal index 365a6362..309b944b 100644 --- a/yesod-core/yesod-core.cabal +++ b/yesod-core/yesod-core.cabal @@ -1,5 +1,5 @@ name: yesod-core -version: 1.4.9 +version: 1.4.9.1 license: MIT license-file: LICENSE author: Michael Snoyman