Need to be able to set the partitioned flag on the cookie #42
Comments
Never mind. It was fixed in Rack here: commit
@jrmcgarvey my original comment was not to close this but I have untangled the spaghetti and think I can see how I can pass it. I will give it a go. It might be worth leaving it open to update the documentation.
@womblep I didn't think I could get the current version of Rails working with the latest Rack, so I did a monkeypatch. Currently Rails and Rack::Session call Rack::Response::Helpers.set_cookie, and that calls ::Rack::Utils.add_cookie_to_header. In the latest Rack, Rack::Response::Helpers.set_cookie calls Rack::Utils.set_cookie_header, so that is the method I fixed. The monkeypatch was clumsy. It seems like Module.prepend isn't honored when the function is called via ::Rack::Response::Utils.add_cookie_to_header, that is, the reference to the global context, so I had to do a Module.prepend for Rack::Response as well as the one for add_cookie_to_header. Is that the only way to do it? I can reopen the issue if needed. I don't know how this affects the documentation.
I am using it in Sinatra not Rails so not sure I can help. The documentation for Rack::Session::Abstract::Persisted has all the cookie parameters listed as well as in the DEFAULT_OPTIONS. Partitioned probably should be included so it is clear in future. If you want to reopen this, I can do a documentation update PR which can sit there until rack 3.1 is ready.
Ok, reopening for documentation purposes.
We use the session cookie to maintain state between a front end and the back end running Rails. The front end and back end are typically running on different hosts. The problem this introduces is that this cookie is a cross site cookie, and browsers are eliminating support for these. The browser vendors are providing a replacement. Cross site cookies will be allowed, so long as they are partitioned. A partitioned cookie is only active for the top level site for which it was originally set. To enable this, one has to be able to set the partitioned flag. See https://developers.google.com/privacy-sandbox/3pcd/chips. This doesn't work for session cookies today, at least in the version of Rails (7.0.4.2) I am running.
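
An added example, not code from this thread or from Rack: a small Rack-compatible middleware that appends `Partitioned` to the session cookie in the response header, a different approach from the monkeypatch discussed above. The class name, the helper `demo_headers` and the cookie name `_app_session` are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no gems required (Rack middleware is just #call).
class PartitionedSessionCookie
  def initialize(app, cookie_name:)
    @app = app
    @prefix = "#{cookie_name}="
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Rack 2 uses "Set-Cookie", Rack 3 lowercases header names.
    key = headers.keys.find { |k| k.to_s.casecmp?("set-cookie") }
    headers[key] = rewrite(headers[key]) if key
    [status, headers, body]
  end

  private

  # Rack 2 joins several cookies with "\n" in one String; Rack 3 uses an Array.
  def rewrite(value)
    return value.map { |c| partition(c) } if value.is_a?(Array)
    value.to_s.split("\n").map { |c| partition(c) }.join("\n")
  end

  def partition(cookie)
    return cookie unless cookie.start_with?(@prefix)
    attrs = cookie.split(/;\s*/)
    return cookie if attrs.any? { |a| a.casecmp?("partitioned") }
    # CHIPS requires Secure on a partitioned cookie. Leave a non-Secure
    # cookie untouched instead of emitting one the browser will reject.
    return cookie unless attrs.any? { |a| a.casecmp?("secure") }
    "#{cookie}; Partitioned"
  end
end

# Constructed downstream app standing in for the Rails or Sinatra stack.
def demo_headers(set_cookie)
  inner = ->(_env) { [200, { "set-cookie" => set_cookie }, ["ok"]] }
  _status, headers, _body =
    PartitionedSessionCookie.new(inner, cookie_name: "_app_session").call({})
  headers["set-cookie"]
end
```

The middleware has to sit outside the session middleware in the stack so that the `Set-Cookie` header is already present when the response passes through it.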