()
| 227 | |
| 228 | |
| 229 | def test_session_dynamic_cookie_name(): |
| 230 | # This session interface will use a cookie with a different name if the |
| 231 | # requested url ends with the string "dynamic_cookie" |
| 232 | class PathAwareSessionInterface(SecureCookieSessionInterface): |
| 233 | def get_cookie_name(self, app): |
| 234 | if flask.request.url.endswith("dynamic_cookie"): |
| 235 | return "dynamic_cookie_name" |
| 236 | else: |
| 237 | return super().get_cookie_name(app) |
| 238 | |
| 239 | class CustomFlask(flask.Flask): |
| 240 | session_interface = PathAwareSessionInterface() |
| 241 | |
| 242 | app = CustomFlask(__name__) |
| 243 | app.secret_key = "secret_key" |
| 244 | |
| 245 | @app.route("/set", methods=["POST"]) |
| 246 | def set(): |
| 247 | flask.session["value"] = flask.request.form["value"] |
| 248 | return "value set" |
| 249 | |
| 250 | @app.route("/get") |
| 251 | def get(): |
| 252 | v = flask.session.get("value", "None") |
| 253 | return v |
| 254 | |
| 255 | @app.route("/set_dynamic_cookie", methods=["POST"]) |
| 256 | def set_dynamic_cookie(): |
| 257 | flask.session["value"] = flask.request.form["value"] |
| 258 | return "value set" |
| 259 | |
| 260 | @app.route("/get_dynamic_cookie") |
| 261 | def get_dynamic_cookie(): |
| 262 | v = flask.session.get("value", "None") |
| 263 | return v |
| 264 | |
| 265 | test_client = app.test_client() |
| 266 | |
| 267 | # first set the cookie in both /set urls but each with a different value |
| 268 | assert test_client.post("/set", data={"value": "42"}).data == b"value set" |
| 269 | assert ( |
| 270 | test_client.post("/set_dynamic_cookie", data={"value": "616"}).data |
| 271 | == b"value set" |
| 272 | ) |
| 273 | |
| 274 | # now check that the relevant values come back - meaning that different |
| 275 | # cookies are being used for the urls that end with "dynamic cookie" |
| 276 | assert test_client.get("/get").data == b"42" |
| 277 | assert test_client.get("/get_dynamic_cookie").data == b"616" |
| 278 | |
| 279 | |
| 280 | def test_bad_environ_raises_bad_request(): |
nothing calls this directly
no test coverage detected