Merge pull request rails#54843 from skipkayhil/hm-cookie-length-name

Include cookie name in length calculation

Author: byroot

actionpack/CHANGELOG.md

@@ -1,3 +1,7 @@
+*   Include cookie name when calculating maximum allowed size.
+
+    *Hartley McGuire*
+
 *   Implement `must-understand` directive according to RFC 9111.
 
     The `must-understand` directive indicates that a cache must understand the semantics of the response status code, or discard the response. This directive is enforced to be used only with `no-store` to ensure proper cache behavior.

actionpack/lib/action_dispatch/middleware/cookies.rb

@@ -610,8 +610,10 @@ def commit(name, options)
         end
 
         def check_for_overflow!(name, options)
-          if options[:value].bytesize > MAX_COOKIE_SIZE
-            raise CookieOverflow, "#{name} cookie overflowed with size #{options[:value].bytesize} bytes"
+          total_size = name.to_s.bytesize + options[:value].bytesize
+
+          if total_size > MAX_COOKIE_SIZE
+            raise CookieOverflow, "#{name} cookie overflowed with size #{total_size} bytes"
           end
         end
     end

actionpack/test/dispatch/cookies_test.rb

@@ -972,7 +972,7 @@ def test_raise_data_overflow
     error = assert_raise(ActionDispatch::Cookies::CookieOverflow) do
       get :raise_data_overflow
     end
-    assert_equal "foo cookie overflowed with size 5522 bytes", error.message
+    assert_equal "foo cookie overflowed with size 5525 bytes", error.message
   end
 
   def test_tampered_cookies

actionpack/test/dispatch/session/cookie_store_test.rb

@@ -203,7 +203,7 @@ def test_close_raises_when_data_overflows
       error = assert_raise(ActionDispatch::Cookies::CookieOverflow) {
         get "/raise_data_overflow"
       }
-      assert_equal "_myapp_session cookie overflowed with size 5612 bytes", error.message
+      assert_equal "_myapp_session cookie overflowed with size 5626 bytes", error.message
     end
   end