aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoshua Peek <josh@joshpeek.com>2009-02-06 23:15:39 -0600
committerJoshua Peek <josh@joshpeek.com>2009-02-06 23:16:58 -0600
commit43c09383cefbc3b62e9b124792fb0d0278689d2b (patch)
treec8e88d37bfb8e62194a1b3bbb1fc0f322ea65876
parent78c6f48b26777a3725505d0cb3ec4af483bf9a95 (diff)
downloadrails-43c09383cefbc3b62e9b124792fb0d0278689d2b.tar.gz
rails-43c09383cefbc3b62e9b124792fb0d0278689d2b.tar.bz2
rails-43c09383cefbc3b62e9b124792fb0d0278689d2b.zip
Ensure session id is set in session options hash [#1880 state:resolved]
-rw-r--r--actionpack/lib/action_controller/session/abstract_store.rb24
-rw-r--r--actionpack/lib/action_controller/session/cookie_store.rb2
-rw-r--r--actionpack/test/controller/session/cookie_store_test.rb18
-rw-r--r--actionpack/test/controller/session/mem_cache_store_test.rb19
4 files changed, 45 insertions, 18 deletions
diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb
index 41a35f867f..69620cfd50 100644
--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -17,16 +17,11 @@ module ActionController
@loaded = false
end
- def id
- load! unless @loaded
- @id
- end
-
def session_id
ActiveSupport::Deprecation.warn(
- "ActionController::Session::AbstractStore::SessionHash#session_id" +
- "has been deprecated.Please use #id instead.", caller)
- id
+ "ActionController::Session::AbstractStore::SessionHash#session_id " +
+ "has been deprecated. Please use request.session_options[:id] instead.", caller)
+ @env[ENV_SESSION_OPTIONS_KEY][:id]
end
def [](key)
@@ -47,8 +42,8 @@ module ActionController
def data
ActiveSupport::Deprecation.warn(
- "ActionController::Session::AbstractStore::SessionHash#data" +
- "has been deprecated.Please use #to_hash instead.", caller)
+ "ActionController::Session::AbstractStore::SessionHash#data " +
+ "has been deprecated. Please use #to_hash instead.", caller)
to_hash
end
@@ -59,7 +54,8 @@ module ActionController
def load!
stale_session_check! do
- @id, session = @by.send(:load_session, @env)
+ id, session = @by.send(:load_session, @env)
+ (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id
replace(session)
@loaded = true
end
@@ -126,11 +122,7 @@ module ActionController
if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
- if session_data.is_a?(AbstractStore::SessionHash)
- sid = session_data.id
- else
- sid = generate_sid
- end
+ sid = options[:id] || generate_sid
unless set_session(env, sid, session_data.to_hash)
return response
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 5a728d1877..9f478d28ac 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -88,7 +88,7 @@ module ActionController
def call(env)
env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
- env[ENV_SESSION_OPTIONS_KEY] = @default_options
+ env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
status, headers, body = @app.call(env)
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 95d2eb11c4..f00a80c1c2 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -30,6 +30,10 @@ class CookieStoreTest < ActionController::IntegrationTest
render :text => "foo: #{session[:foo].inspect}"
end
+ def get_session_id
+ render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+ end
+
def call_reset_session
reset_session
head :ok
@@ -106,6 +110,20 @@ class CookieStoreTest < ActionController::IntegrationTest
end
end
+ def test_getting_session_id
+ with_test_route_set do
+ cookies[SessionKey] = SignedBar
+ get '/persistent_session_id'
+ assert_response :success
+ assert_equal response.body.size, 32
+ session_id = response.body
+
+ get '/get_session_id'
+ assert_response :success
+ assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+ end
+ end
+
def test_disregards_tampered_sessions
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
diff --git a/actionpack/test/controller/session/mem_cache_store_test.rb b/actionpack/test/controller/session/mem_cache_store_test.rb
index eb896a344c..c3a6c8ce45 100644
--- a/actionpack/test/controller/session/mem_cache_store_test.rb
+++ b/actionpack/test/controller/session/mem_cache_store_test.rb
@@ -16,6 +16,10 @@ class MemCacheStoreTest < ActionController::IntegrationTest
render :text => "foo: #{session[:foo].inspect}"
end
+ def get_session_id
+ render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+ end
+
def call_reset_session
reset_session
head :ok
@@ -50,7 +54,20 @@ class MemCacheStoreTest < ActionController::IntegrationTest
with_test_route_set do
get '/get_session_value'
assert_response :success
- assert_equal 'foo: nil', response.body
+ assert_equal 'foo: nil', response.body
+ end
+ end
+
+ def test_getting_session_id
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+ session_id = cookies['_session_id']
+
+ get '/get_session_id'
+ assert_response :success
+ assert_equal "foo: \"bar\"; id: #{session_id}", response.body
end
end