Need to be able to set the partitioned flag on the cookie #42

Open
jrmcgarvey opened this issue Mar 7, 2024 · 6 comments
@jrmcgarvey
Contributor

We use the session cookie to maintain state between a front end and the back end running Rails. The front end and back end are typically running on different hosts. The problem this introduces is that this cookie is a cross site cookie, and browsers are eliminating support for these. The browser vendors are providing a replacement. Cross site cookies will be allowed, so long as they are partitioned. A partitioned cookie is only active for the top level site for which it was originally set. To enable this, one has to be able to set the partitioned flag. See https://developers.google.com/privacy-sandbox/3pcd/chips. This doesn't work for session cookies today, at least in the version of Rails (7.0.4.2) I am running.

@jrmcgarvey
Contributor Author

jrmcgarvey commented Mar 8, 2024

Never mind. It was fixed in Rack here: commit

@jrmcgarvey
Contributor Author

rack/rack@958ed51

jrmcgarvey closed this as not planned Mar 8, 2024
@womblep

womblep commented Mar 8, 2024

@jrmcgarvey my original comment was not to close this but I have untangled the spaghetti and think I can see how I can pass it. I will give it a go.

It might be worth leaving it open to update the documentation.

@jrmcgarvey
Contributor Author

jrmcgarvey commented Mar 8, 2024

@womblep I didn't think I could get the current version of Rails working with the latest Rack, so I did a monkeypatch. Currently Rails and Rack::Session call Rack::Response::Helpers.set_cookie, and that calls ::Rack::Utils.add_cookie_to_header. In the latest Rack, Rack::Response::Helpers.set_cookie calls Rack::Utils.set_cookie_header, so that is the method I fixed.

The monkeypatch was clumsy. It seems like Module.prepend isn't honored when the function is called via ::Rack::Response::Utils.add_cookie_to_header, that is, the reference to the global context, so I had to do a Module.prepend for Rack::Response as well as the one for add_cookie_to_header. Is that the only way to do it?

I can reopen the issue if needed. I don't know how this affects the documentation.
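
As an added illustration (not code from this thread, Rack or rack-session): on a Rack release that does not yet pass `partitioned` through, an alternative to monkeypatching `add_cookie_to_header` is a small middleware that appends the attribute to the outgoing `Set-Cookie` header. The class name, the `rack.session` cookie name and the sample app are assumptions made for the example.

```ruby
# Added example: Rack-compatible middleware (plain Ruby, no gem required) that
# appends the Partitioned attribute to one named cookie in the response.
class PartitionedCookie
  # cookie_name is an assumption; set it to your application's session key.
  def initialize(app, cookie_name: "rack.session")
    @app = app
    @cookie_name = cookie_name
  end

  def call(env)
    status, headers, body = @app.call(env)
    # The header key is "Set-Cookie" in Rack 2 and "set-cookie" in Rack 3.
    key = headers.keys.find { |k| k.to_s.casecmp?("set-cookie") }
    headers[key] = rewrite(headers[key]) if key
    [status, headers, body]
  end

  # Rack 2 joins several cookies with "\n" in one String; Rack 3 may use an Array.
  def rewrite(value)
    return value.map { |c| partition(c) } if value.is_a?(Array)
    value.to_s.split("\n").map { |c| partition(c) }.join("\n")
  end

  def partition(cookie)
    name = cookie.split("=", 2).first.to_s.strip
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    return cookie unless name == @cookie_name       # leave other cookies alone
    return cookie if attrs.include?("partitioned")  # already set upstream
    # CHIPS requires Partitioned cookies to be Secure, so do not add the
    # attribute to a cookie that would be invalid with it.
    return cookie unless attrs.include?("secure")
    "#{cookie}; Partitioned"
  end
end

# Constructed sample app: sets a session cookie and an unrelated cookie (Rack 2 style).
SAMPLE_APP = lambda do |_env|
  cookies = "rack.session=abc123; path=/; secure; HttpOnly; SameSite=None\ntheme=dark; path=/"
  [200, { "Set-Cookie" => cookies }, ["ok"]]
end

def demo_set_cookie
  _, headers, _ = PartitionedCookie.new(SAMPLE_APP).call({})
  headers["Set-Cookie"]
end
```

Once the application runs on a Rack release that handles the `partitioned` option itself, the middleware leaves such cookies untouched because it skips any cookie that already carries the attribute.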

@womblep

womblep commented Mar 9, 2024

I am using it in Sinatra not Rails so not sure I can help.

The documentation for Rack::Session::Abstract::Persisted has all the cookie parameters listed as well as in the DEFAULT_OPTIONS. Partitioned probably should be included so it is clear in future.
However, the merge you list above hasn't made it to a gem release yet; I think they are waiting to merge it into Rack 3.1. I tested to the point where it hit set_cookie_header and partitioned was passed, so it should all work once they release it.

If you want to reopen this, I can do a documentation update PR which can sit there until Rack 3.1 is ready.

@jrmcgarvey
Contributor Author

Ok, reopening for documentation purposes.
