From fea2ef258f0315b7a34651735ec6bec8d4922f63 Mon Sep 17 00:00:00 2001
From: Min RK
Date: Thu, 19 Oct 2017 17:44:11 +0200
Subject: [PATCH] set cookie on base_url
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

avoids clobbering cookies when multiple notebook servers are run on one host. Users can override `cookie_options.path = ‘/‘` if they *want* cookies to be shared across notebooks on one host.
---
 notebook/auth/login.py | 1 +
 notebook/base/handlers.py | 12 +++++++++---
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/notebook/auth/login.py b/notebook/auth/login.py
index 93dbff03ea..dc624fa2ce 100644
--- a/notebook/auth/login.py
+++ b/notebook/auth/login.py
@@ -94,6 +94,7 @@ def set_login_cookie(cls, handler, user_id=None):
 # 'secure' kwarg is passed to set_secure_cookie
 if handler.settings.get('secure_cookie', handler.request.protocol == 'https'):
 cookie_options.setdefault('secure', True)
+ cookie_options.setdefault('path', handler.base_url)
 handler.set_secure_cookie(handler.cookie_name, user_id, **cookie_options)
 return user_id
diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py
index d5a7382516..1c80a89cf2 100755
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@@ -89,10 +89,16 @@ def set_default_headers(self):
 # if method is unsupported (websocket and Access-Control-Allow-Origin
 # for example, so just ignore)
 self.log.debug(e)
-
+
 def clear_login_cookie(self):
- self.clear_cookie(self.cookie_name)
-
+ cookie_options = self.settings.get('cookie_options', {})
+ path = cookie_options.setdefault('path', self.base_url)
+ self.clear_cookie(self.cookie_name, path=path)
+ if path and path != '/':
+ # also clear cookie on / to ensure old cookies
+ # are cleared after the change in path behavior.
+ self.clear_cookie(self.cookie_name)
+
 def get_current_user(self):
 if self.login_handler is None:
 return 'anonymous'
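Review bot: The added `cookie_options.setdefault('path', handler.base_url)` line in set_login_cookie carries no comment saying why the default path is base_url or what that scoping does and does not provide. I would add above it: `# scope the login cookie to base_url so servers sharing a host do not overwrite each other's cookie; Path is not a security boundary between them`. Browsers use the cookie Path to decide which requests carry the cookie, not to isolate applications on one origin, so the comment keeps later readers from relying on it to separate notebook servers that share a host. set_login_cookie starts above the hunk, so where `cookie_options` comes from is not visible here.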
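Review bot: clear_login_cookie now reads `cookie_options` but passes only `path` to `clear_cookie`, so a login cookie that was set with a `domain` option (set_login_cookie forwards every entry of `cookie_options`) would probably survive logout, since a browser drops a cookie only when both path and domain match. Passing the domain through on both calls would close that gap, for example `self.clear_cookie(self.cookie_name, path=path, domain=cookie_options.get('domain'))`. Separately, `setdefault` writes the path into the settings dict whenever `cookie_options` is configured, although only a read is needed here; `path = cookie_options.get('path', self.base_url)` avoids changing shared settings during logout.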