From f650a0fb0bde77053075d21b56eaa11cfc211de0 Mon Sep 17 00:00:00 2001
From: Rossen Georgiev <rossen@rgp.io>
Date: Sat, 30 Apr 2016 14:59:02 +0100
Subject: [PATCH] web session: send cookies only to steam domains

* cookies are now only send to steam domains
* set default language to english
* set birthtime cookies to avoid age check redirects
---
 steam/client/builtins/web.py | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/steam/client/builtins/web.py b/steam/client/builtins/web.py
index 08d898a..6e10a2a 100644
--- a/steam/client/builtins/web.py
+++ b/steam/client/builtins/web.py
@@ -13,8 +13,7 @@ class Web(object):
         super(Web, self).__init__(*args, **kwargs)
 
     def get_web_session_cookies(self):
-        """
-        Get web authentication cookies via WebAPI's ``AuthenticateUser``
+        """Get web authentication cookies via WebAPI's ``AuthenticateUser``
 
         .. note::
             only valid during the current steam session
@@ -46,16 +45,17 @@ class Web(object):
             'steamLoginSecure': resp['authenticateuser']['tokensecure'],
         }
 
-    def get_web_session(self):
-        """
+    def get_web_session(self, language='english'):
+        """Get a :class:`requests.Session` that is ready for use
+
         See :meth:`get_web_session_cookies`
 
-        .. warning::
-            Exercise caution when using the session.
-            Auth cookies will be send with every request,
-            regardless of the domain or https/http.
+        .. note::
+            Auth cookies will only be send to ``.steampowered.com`` and ``.steamcommunity.com`` domains
 
-        :return: authenticated session ready for use
+        :param language: localization language for steam pages
+        :type language: :class:`str`
+        :return: authenticated Session ready for use
         :rtype: :class:`requests.Session`, :class:`None`
         """
         cookies = self.get_web_session_cookies()
@@ -64,7 +64,12 @@ class Web(object):
 
         session = make_requests_session()
 
-        for name, val in cookies.items():
-            session.cookies.set(name, val)
+        for domain in ['.steampowered.com', '.steamcommunity.com']:
+            for name, val in cookies.items():
+                secure = (name == 'steamLoginSecure')
+                session.cookies.set(name, val, domain=domain, secure=secure)
+
+            session.cookies.set('Steam_Language', language, domain=domain)
+            session.cookies.set('birthtime', '-3333', domain=domain)
 
         return session