Merge pull request #730 from rhuffus/add-cookie-domain-to-sessionmiddleware

Add with_cookie_domain method to SessionMiddleware

Author: jbr

src/sessions/middleware.rs

@@ -51,6 +51,7 @@ pub struct SessionMiddleware<Store> {
     store: Store,
     cookie_path: String,
     cookie_name: String,
+    cookie_domain: Option<String>,
     session_ttl: Option<Duration>,
     save_unchanged: bool,
     same_site_policy: SameSite,
@@ -63,6 +64,7 @@ impl<Store: SessionStore> std::fmt::Debug for SessionMiddleware<Store> {
             .field("store", &self.store)
             .field("cookie_path", &self.cookie_path)
             .field("cookie_name", &self.cookie_name)
+            .field("cookie_domain", &self.cookie_domain)
             .field("session_ttl", &self.session_ttl)
             .field("same_site_policy", &self.same_site_policy)
             .field("key", &"..")
@@ -157,6 +159,7 @@ impl<Store: SessionStore> SessionMiddleware<Store> {
     ///     SessionMiddleware::new(MemoryStore::new(), b"please do not hardcode your secret")
     ///         .with_cookie_name("custom.cookie.name")
     ///         .with_cookie_path("/some/path")
+    ///         .with_cookie_domain("www.rust-lang.org")
     ///         .with_same_site_policy(SameSite::Lax)
     ///         .with_session_ttl(Some(Duration::from_secs(1)))
     ///         .without_save_unchanged(),
@@ -168,6 +171,7 @@ impl<Store: SessionStore> SessionMiddleware<Store> {
             save_unchanged: true,
             cookie_path: "/".into(),
             cookie_name: "tide.sid".into(),
+            cookie_domain: None,
             same_site_policy: SameSite::Strict,
             session_ttl: Some(Duration::from_secs(24 * 60 * 60)),
             key: Key::derive_from(secret),
@@ -222,6 +226,12 @@ impl<Store: SessionStore> SessionMiddleware<Store> {
         self
     }
 
+    /// Sets the domain of the cookie.
+    pub fn with_cookie_domain(mut self, cookie_domain: impl AsRef<str>) -> Self {
+        self.cookie_domain = Some(cookie_domain.as_ref().to_owned());
+        self
+    }
+
     //--- methods below here are private ---
 
     async fn load_or_create(&self, cookie_value: Option<String>) -> Session {
@@ -247,6 +257,10 @@ impl<Store: SessionStore> SessionMiddleware<Store> {
             cookie.set_expires(Some((std::time::SystemTime::now() + ttl).into()));
         }
 
+        if let Some(cookie_domain) = self.cookie_domain.clone() {
+            cookie.set_domain(cookie_domain)
+        }
+
         self.sign_cookie(&mut cookie);
 
         cookie

tests/sessions.rs

@@ -37,6 +37,7 @@ async fn test_basic_sessions() -> tide::Result<()> {
     let cookies = Cookies::from_response(&response);
     let cookie = &cookies["tide.sid"];
     assert_eq!(cookie.name(), "tide.sid");
+    assert_eq!(cookie.domain(), None);
     assert_eq!(cookie.http_only(), Some(true));
     assert_eq!(cookie.same_site(), Some(SameSite::Strict));
     assert_eq!(cookie.secure(), None); // this request was http://
@@ -62,6 +63,7 @@ async fn test_customized_sessions() -> tide::Result<()> {
         SessionMiddleware::new(MemoryStore::new(), b"12345678901234567890123456789012345")
             .with_cookie_name("custom.cookie.name")
             .with_cookie_path("/nested")
+            .with_cookie_domain("www.rust-lang.org")
             .with_same_site_policy(SameSite::Lax)
             .with_session_ttl(Some(Duration::from_secs(1)))
             .without_save_unchanged(),
@@ -99,6 +101,7 @@ async fn test_customized_sessions() -> tide::Result<()> {
     assert_eq!(cookie.http_only(), Some(true));
     assert_eq!(cookie.same_site(), Some(SameSite::Lax));
     assert_eq!(cookie.path(), Some("/nested"));
+    assert_eq!(cookie.domain(), Some("www.rust-lang.org"));
     let cookie_value = cookie.value().to_string();
 
     let mut second_response = app