Make sure session cookie has the correct path for the tenant

ref: https://fizzy.37signals.com/5986089/collections/7/cards/1234
This commit is contained in:
Mike Dalessio
2025-08-10 18:53:52 -04:00
parent 360e22feb0
commit 5540b0fd1b
4 changed files with 15 additions and 3 deletions
+1 -1
View File
@@ -81,7 +81,7 @@ module Authentication
def set_current_session(session)
logger.struct " Authorized User##{session.user.id}", authentication: { user: { id: session.user.id } }
Current.session = session
cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax }
cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax, path: Account.sole.slug }
end
def terminate_session
@@ -0,0 +1,6 @@
Rails.application.configure do
# In test environment, default tenant is set in test_helper.rb
if Rails.env.development?
config.active_record_tenanted.default_tenant = "175932900" # Honcho
end
end
+3
View File
@@ -1,5 +1,8 @@
ENV["RAILS_ENV"] ||= "test"
require_relative "../config/environment"
Rails.application.config.active_record_tenanted.default_tenant = ActiveRecord::FixtureSet.identify :'37s_fizzy'
require "rails/test_help"
require "webmock/minitest"
require "vcr"
+5 -2
View File
@@ -4,10 +4,13 @@ module SessionTestHelper
end
def sign_in_as(user)
cookies[:session_token] = nil
cookies.delete :session_token
user = users(user) unless user.is_a? User
put session_launchpad_path, params: { sig: user.signal_user.perishable_signature }
assert cookies[:session_token].present?
cookie = cookies.get_cookie "session_token"
assert_not_nil cookie, "Expected session_token cookie to be set after sign in"
assert_equal Account.sole.slug, cookie.path, "Expected session_token cookie to be scoped to account slug"
end
def sign_out