From 18f708b5b691f0219be35e453dbb7ef8397060c9 Mon Sep 17 00:00:00 2001
From: Ryuta Kamizono
Date: Mon, 10 Feb 2020 17:33:15 +0900
Subject: [PATCH] Fix to handle same_site option for session pool

Follow up of #1543.
---
 lib/rack/session/abstract/id.rb | 1 +
 lib/rack/session/cookie.rb | 1 -
 test/spec_session_pool.rb | 19 +++++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/rack/session/abstract/id.rb b/lib/rack/session/abstract/id.rb
index cb011359b..638bd3b3b 100644
--- a/lib/rack/session/abstract/id.rb
+++ b/lib/rack/session/abstract/id.rb
@@ -252,6 +252,7 @@ def initialize(app, options = {})
 @default_options = self.class::DEFAULT_OPTIONS.merge(options)
 @key = @default_options.delete(:key)
 @cookie_only = @default_options.delete(:cookie_only)
+ @same_site = @default_options.delete(:same_site)
 initialize_sid
 end

diff --git a/lib/rack/session/cookie.rb b/lib/rack/session/cookie.rb
index 3b82b41d2..bb541396f 100644
--- a/lib/rack/session/cookie.rb
+++ b/lib/rack/session/cookie.rb
@@ -118,7 +118,6 @@ def initialize(app, options = {})
 Called from: #{caller[0]}.
 MSG
 @coder = options[:coder] ||= Base64::Marshal.new
- @same_site = options.delete :same_site
 super(app, options.merge!(cookie_only: true))
 end

diff --git a/test/spec_session_pool.rb b/test/spec_session_pool.rb
index ac7522b5a..aba93fb16 100644
--- a/test/spec_session_pool.rb
+++ b/test/spec_session_pool.rb
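Review bot: The new `@same_site` assignment in `initialize` of lib/rack/session/abstract/id.rb carries no comment on what values it accepts, and nothing in the visible lines ties it to the `:secure` option. The specs in this patch pass both a symbol and a two-argument lambda, so a comment such as `# :same_site is a Symbol or a callable taking (req, res) that returns one` would record the contract at the point where every store now picks it up. Browsers that enforce the current cookie rules reject a `SameSite=None` cookie that is not also `Secure`, so a store configured with `same_site: :none` and no `secure: true` would presumably lose its session cookie without any error; a warning when the resolved value is `:none` and `:secure` is unset would surface that. The start of `initialize` and the code that builds the cookie are outside this hunk, so how a nil or unexpected value is handled should be confirmed there.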
@@ -178,6 +178,25 @@
 pool.pool[session_id.public_id].must_be_nil
 end
+ it "passes through same_site option to session pool" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: :none)
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+ end
+
+ it "allows using a lambda to specify same_site option, because some browsers require different settings" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :none })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :lax })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=Lax"
+ end
+
 # anyone know how to do this better?
 it "should merge sessions when multithreaded" do
 unless $DEBUG
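Review bot: Both lambdas in the second new spec ignore `req` and `res`, so the spec would still pass if the callable were invoked with nil arguments, which is the per-browser case its title describes. Capturing an argument, for example `seen = nil` with `same_site: lambda { |req, res| seen = req; :lax }` followed by `seen.wont_be_nil`, would pin that contract. There is also no spec for a pool built without `same_site`; assuming no default is configured, `res["Set-Cookie"].wont_include "SameSite"` would guard callers that never opt in. The trailing `it "should merge sessions when multithreaded"` block continues past the end of the hunk.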