diff --git a/etc/noosfero/varnish-noosfero.vcl b/etc/noosfero/varnish-noosfero.vcl index 04d6bc3..272bd91 100644 --- a/etc/noosfero/varnish-noosfero.vcl +++ b/etc/noosfero/varnish-noosfero.vcl @@ -1,9 +1,8 @@ sub vcl_recv { if (req.request == "GET" || req.request == "HEAD") { if (req.http.Cookie) { - # We only care about the "_noosfero_session.*" cookie, used for - # authentication. - if (req.http.Cookie !~ "_noosfero_session.*" ) { + # We only care about the "_noosfero_.*" cookies, used by Noosfero + if (req.http.Cookie !~ "_noosfero_.*" ) { # strip all cookies unset req.http.Cookie; } diff --git a/plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb b/plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb index 6941d35..74374cf 100644 --- a/plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb +++ b/plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb @@ -290,7 +290,7 @@ class ShoppingCartPluginController < PublicController end def cookie_key - :_noosfero_session_shopping_cart + :_noosfero_plugin_shopping_cart end end diff --git a/vendor/plugins/noosfero_caching/init.rb b/vendor/plugins/noosfero_caching/init.rb index 1033838..48c14e1 100644 --- a/vendor/plugins/noosfero_caching/init.rb +++ b/vendor/plugins/noosfero_caching/init.rb @@ -38,13 +38,23 @@ module NoosferoHttpCaching def call(env) status, headers, body = @app.call(env) if headers['X-Noosfero-Auth'] == 'false' - # FIXME do not do this if there is any plugin cookie set (e.g. - # _noosfero_session_shopping_cart) - headers.delete('Set-Cookie') + headers['Set-Cookie'] = remove_unwanted_cookies(headers['Set-Cookie']) end headers.delete('X-Noosfero-Auth') [status, headers, body] end + + protected + + # filter off all cookies except for plugin-provided ones that are + # path-specific (i.e path != "/"). + def remove_unwanted_cookies(cookie_list) + return nil if cookie_list.nil? + cookie_list.select do |c| + c =~ /^_noosfero_plugin_\w+=/ && c =~ /path=\/\w+/ + end + end + end end -- libgit2 0.21.2