Merge pull request #261 from KeepSafe/cookies_path

Use path=/ by default for cookies

Author: asvetlov

aiohttp/web.py

@@ -471,7 +471,7 @@ def cookies(self):
         return self._cookies
 
     def set_cookie(self, name, value, *, expires=None,
-                   domain=None, max_age=None, path=None,
+                   domain=None, max_age=None, path='/',
                    secure=None, httponly=None, version=None):
         """Set or update response cookie.
 
@@ -501,7 +501,7 @@ def set_cookie(self, name, value, *, expires=None,
         if version is not None:
             c['version'] = version
 
-    def del_cookie(self, name, *, domain=None, path=None):
+    def del_cookie(self, name, *, domain=None, path='/'):
         """Delete cookie.
 
         Creates new empty expired cookie.

docs/web_reference.rst

@@ -411,8 +411,8 @@ StreamResponse
          :meth:`set_cookie`, :meth:`del_cookie` for cookie
          manipulations.
 
-   .. method:: set_cookie(name, value, *, expires=None, \
-                   domain=None, max_age=None, path=None, \
+   .. method:: set_cookie(name, value, *, path='/', expires=None, \
+                   domain=None, max_age=None, \
                    secure=None, httponly=None, version=None)
 
       Convenient way for setting :attr:`cookies`, allows to specify
@@ -436,7 +436,7 @@ StreamResponse
                           immediately.  (optional)
 
       :param str path: specifies the subset of URLs to
-                       which this cookie applies. (optional)
+                       which this cookie applies. (optional, ``'/'`` by default)
 
       :param bool secure: attribute (with no value) directs
                           the user agent to use only (unspecified)
@@ -458,15 +458,23 @@ StreamResponse
                           specification the cookie
                           conforms. (Optional, *version=1* by default)
 
-   .. method:: del_cookie(name, *, domain=None, path=None)
+      .. versionchanged:: 0.14.3
+
+         Default value for *path* changed from ``None`` to ``'/'``.
+
+   .. method:: del_cookie(name, *, path='/', domain=None)
 
       Deletes cookie.
 
       :param str name: cookie name
 
       :param str domain: optional cookie domain
 
-      :param str path: optional cookie path
+      :param str path: optional cookie path, ``'/'`` by default
+
+      .. versionchanged:: 0.14.3
+
+         Default value for *path* changed from ``None`` to ``'/'``.
 
    .. attribute:: content_length
 

tests/test_web_response.py

@@ -256,19 +256,23 @@ def test_response_cookies(self):
         self.assertEqual(str(resp.cookies), '')
 
         resp.set_cookie('name', 'value')
-        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=value')
+        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=value; Path=/')
         resp.set_cookie('name', 'other_value')
-        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=other_value')
+        self.assertEqual(str(resp.cookies),
+                         'Set-Cookie: name=other_value; Path=/')
 
         resp.cookies['name'] = 'another_other_value'
         resp.cookies['name']['max-age'] = 10
-        self.assertEqual(str(resp.cookies),
-                         'Set-Cookie: name=another_other_value; Max-Age=10')
+        self.assertEqual(
+            str(resp.cookies),
+            'Set-Cookie: name=another_other_value; Max-Age=10; Path=/')
 
         resp.del_cookie('name')
-        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=; Max-Age=0')
+        self.assertEqual(
+            str(resp.cookies),
+            'Set-Cookie: name=; Max-Age=0; Path=/')
 
-        resp.set_cookie('name', 'value', domain='local.host')
+        resp.set_cookie('name', 'value', domain='local.host', path=None)
         self.assertEqual(str(resp.cookies),
                          'Set-Cookie: name=value; Domain=local.host')
 
@@ -283,7 +287,7 @@ def test_response_cookie_path(self):
         resp.set_cookie('name', 'value', expires='123')
         self.assertEqual(str(resp.cookies),
                          'Set-Cookie: name=value; expires=123;'
-                         ' Path=/some/path')
+                         ' Path=/')
         resp.set_cookie('name', 'value', domain='example.com',
                         path='/home', expires='123', max_age='10',
                         secure=True, httponly=True, version='2.0')
@@ -304,15 +308,17 @@ def test_response_cookie__issue_del_cookie(self):
         self.assertEqual(str(resp.cookies), '')
 
         resp.del_cookie('name')
-        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=; Max-Age=0')
+        self.assertEqual(str(resp.cookies),
+                         'Set-Cookie: name=; Max-Age=0; Path=/')
 
     def test_cookie_set_after_del(self):
         resp = StreamResponse()
 
         resp.del_cookie('name')
         resp.set_cookie('name', 'val')
         # check for Max-Age dropped
-        self.assertEqual(str(resp.cookies), 'Set-Cookie: name=val')
+        self.assertEqual(str(resp.cookies),
+                         'Set-Cookie: name=val; Path=/')
 
     def test_set_status_with_reason(self):
         resp = StreamResponse()