allow session-only cookies (#161)

Co-authored-by: Rob Ede <robjtede@icloud.com>
2024-11-23 15:51:06 +01:00 · 2021-03-06 19:26:06 +00:00 · 2021-03-06 19:26:06 +00:00 · 8d635f71fb
commit 8d635f71fb
parent ba248a681b
3 changed files with 38 additions and 3 deletions
--- a/actix-redis/CHANGES.md
+++ b/actix-redis/CHANGES.md
@ -2,6 +2,9 @@

 ## Unreleased - 2020-xx-xx
 * Implement `std::error::Error` for `Error` [#135]
+* Allow the removal of Max-Age for session-only cookies. [#161]
+
+[#161]: https://github.com/actix/actix-extras/pull/161

 ## 0.9.1 - 2020-09-12
 * Enforce minimum redis-async version of 0.6.3 to workaround breaking patch change.
--- a/actix-redis/src/session.rs
+++ b/actix-redis/src/session.rs
@ -80,8 +80,9 @@ impl RedisSession {
    }

    /// Set custom cookie max-age
-    pub fn cookie_max_age(mut self, max_age: Duration) -> Self {
-        Rc::get_mut(&mut self.0).unwrap().max_age = Some(max_age);
+    /// Use `None` for session-only cookies
+    pub fn cookie_max_age(mut self, max_age: impl Into<Option<Duration>>) -> Self {
+        Rc::get_mut(&mut self.0).unwrap().max_age = max_age.into();
        self
    }

@ -450,6 +451,7 @@ mod test {
        // Step 1:  GET index
        //   - set-cookie actix-session will be in response (session cookie #1)
        //   - response should be: {"counter": 0, "user_id": None}
+        //   - cookie should have default max-age of 7 days
        // Step 2:  GET index, including session cookie #1 in request
        //   - set-cookie will *not* be in response
        //   - response should be: {"counter": 0, "user_id": None}
@ -510,6 +512,7 @@ mod test {
                counter: 0
            }
        );
+        assert_eq!(cookie_1.max_age(), Some(Duration::days(7)));

        // Step 2:  GET index, including session cookie #1 in request
        //   - set-cookie will *not* be in response
@ -667,4 +670,33 @@ mod test {
            .unwrap();
        assert_ne!(cookie_5.value(), cookie_2.value());
    }
+
+    #[actix_rt::test]
+    async fn test_max_age_session_only() {
+        //
+        // Test that removing max_age results in a session-only cookie
+        //
+        let srv = test::start(|| {
+            App::new()
+                .wrap(
+                    RedisSession::new("127.0.0.1:6379", &[0; 32])
+                        .cookie_name("test-session")
+                        .cookie_max_age(None),
+                )
+                .wrap(middleware::Logger::default())
+                .service(resource("/").route(get().to(index)))
+        });
+
+        let req = srv.get("/").send();
+        let resp = req.await.unwrap();
+        let cookie = resp
+            .cookies()
+            .unwrap()
+            .clone()
+            .into_iter()
+            .find(|c| c.name() == "test-session")
+            .unwrap();
+
+        assert_eq!(cookie.max_age(), None);
+    }
 }
--- a/actix-web-httpauth/src/headers/authorization/scheme/basic.rs
+++ b/actix-web-httpauth/src/headers/authorization/scheme/basic.rs
@ -115,7 +115,7 @@ impl IntoHeaderValue for Basic {
        let encoded = base64::encode(&credentials);
        let mut value = BytesMut::with_capacity(6 + encoded.len());
        value.put(&b"Basic "[..]);
-        value.put(&encoded.as_bytes()[..]);
+        value.put(encoded.as_bytes());

        HeaderValue::from_maybe_shared(value.freeze())
    }