From c65b8506954a094f08a3191c76066a459c084a93 Mon Sep 17 00:00:00 2001
From: Wichert Akkerman <wichert@wiggy.net>
Date: Sat, 10 Aug 2013 22:22:37 +0200
Subject: No cookies on other domain with parent_domain

---
 pyramid/authentication.py            | 14 +++++++-------
 pyramid/tests/test_authentication.py | 25 ++++++++++---------------
 2 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index c1aa970bd..565393a34 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -865,22 +865,22 @@ class AuthTktCookieHelper(object):
         if ':' in cur_domain:
             cur_domain = cur_domain.split(':', 1)[0]
 
-        cookies = [
-            ('Set-Cookie', '%s="%s"; Path=%s%s%s' % (
-            self.cookie_name, value, self.path, max_age, self.static_flags))
-            ]
 
         domains = []
         if self.parent_domain and cur_domain.count('.') > 1:
             domains.append('.' + cur_domain.split('.', 1)[1])
         else:
+            domains.append(None)
             domains.append(cur_domain)
             if self.wild_domain:
                 domains.append('.' + cur_domain)
+
+        cookies = []
+        base_cookie = '%s="%s"; Path=%s%s%s' % (self.cookie_name, value,
+                self.path, max_age, self.static_flags)
         for domain in domains:
-            cookies.append(('Set-Cookie', '%s="%s"; Path=%s; Domain=%s%s%s' % (
-                self.cookie_name, value, self.path, domain, max_age,
-                self.static_flags)))
+            domain = '; Domain=%s' % domain if domain is not None else ''
+            cookies.append(('Set-Cookie', '%s%s' % (base_cookie, domain)))
 
         return cookies
 
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index 960a87a6a..d787d09b7 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
@@ -908,11 +908,11 @@ class TestAuthTktCookieHelper(unittest.TestCase):
         self.assertTrue(result[0][1].startswith('auth_tkt='))
 
         self.assertEqual(result[1][0], 'Set-Cookie')
-        self.assertTrue(result[1][1].endswith('; HttpOnly'))
+        self.assertTrue('; HttpOnly' in result[1][1])
         self.assertTrue(result[1][1].startswith('auth_tkt='))
 
         self.assertEqual(result[2][0], 'Set-Cookie')
-        self.assertTrue(result[2][1].endswith('; HttpOnly'))
+        self.assertTrue('; HttpOnly' in result[2][1])
         self.assertTrue(result[2][1].startswith('auth_tkt='))
 
     def test_remember_secure(self):
@@ -952,24 +952,19 @@ class TestAuthTktCookieHelper(unittest.TestCase):
         request = self._makeRequest()
         request.environ['HTTP_HOST'] = 'www.example.com'
         result = helper.remember(request, 'other')
-        self.assertEqual(len(result), 2)
+        self.assertEqual(len(result), 1)
 
         self.assertEqual(result[0][0], 'Set-Cookie')
-        self.assertTrue(result[0][1].endswith('; Path=/'))
+        self.assertTrue(result[0][1].endswith('; Path=/; Domain=.example.com'))
         self.assertTrue(result[0][1].startswith('auth_tkt='))
 
-        self.assertEqual(result[1][0], 'Set-Cookie')
-        self.assertTrue(result[1][1].endswith('; Path=/; Domain=.example.com'))
-        self.assertTrue(result[1][1].startswith('auth_tkt='))
-
     def test_remember_parent_domain_supercedes_wild_domain(self):
         helper = self._makeOne('secret', parent_domain=True, wild_domain=True)
         request = self._makeRequest()
         request.environ['HTTP_HOST'] = 'www.example.com'
         result = helper.remember(request, 'other')
-        self.assertEqual(len(result), 2)
-        self.assertTrue(result[0][1].endswith('; Path=/'))
-        self.assertTrue(result[1][1].endswith('; Path=/; Domain=.example.com'))
+        self.assertEqual(len(result), 1)
+        self.assertTrue(result[0][1].endswith('; Domain=.example.com'))
 
     def test_remember_domain_has_port(self):
         helper = self._makeOne('secret', wild_domain=False)
@@ -1102,13 +1097,13 @@ class TestAuthTktCookieHelper(unittest.TestCase):
         name, value = headers[1]
         self.assertEqual(name, 'Set-Cookie')
         self.assertEqual(value,
-                         'auth_tkt=""; Path=/; Domain=localhost; Max-Age=0; '
-                         'Expires=Wed, 31-Dec-97 23:59:59 GMT')
+                         'auth_tkt=""; Path=/; Max-Age=0; '
+                         'Expires=Wed, 31-Dec-97 23:59:59 GMT; Domain=localhost')
         name, value = headers[2]
         self.assertEqual(name, 'Set-Cookie')
         self.assertEqual(value,
-                         'auth_tkt=""; Path=/; Domain=.localhost; Max-Age=0; '
-                         'Expires=Wed, 31-Dec-97 23:59:59 GMT')
+                         'auth_tkt=""; Path=/; Max-Age=0; '
+                         'Expires=Wed, 31-Dec-97 23:59:59 GMT; Domain=.localhost')
 
 class TestAuthTicket(unittest.TestCase):
     def _makeOne(self, *arg, **kw):
-- 
cgit v1.2.3