Merge pull request #8824 from mjtko/fix/cookie-store-inheritance

Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372]
author: Santiago Pastorino <santiago@wyeworks.com> 2013-01-08 17:27:13 -0800
committer: Santiago Pastorino <santiago@wyeworks.com> 2013-01-08 17:27:13 -0800
commit: 5d0d82957ae2658a576f5785506a52cfe03d0758 (patch)
tree: 7b84276d6583d5c8b45ec0c7d91c9e020e95eb06
parent: 5fb501984d9ccd15076b7ce303d8675dace55a04 (diff)
parent: 109a1b3358d8d973405b15cd76ec1872adc64d4c (diff)
download: rails-5d0d82957ae2658a576f5785506a52cfe03d0758.tar.gz
rails-5d0d82957ae2658a576f5785506a52cfe03d0758.tar.bz2
rails-5d0d82957ae2658a576f5785506a52cfe03d0758.zip
2 files changed, 26 insertions, 5 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 6fb16bdfe9..7c12590c49 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -21,8 +21,6 @@ module ActionDispatch
     module Compatibility
       def initialize(app, options = {})
         options[:key] ||= '_session_id'
-        # FIXME Rack's secret is not being used
-        options[:secret] ||= SecureRandom.hex(30)
         super
       end
 
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 4437b50f1f..1e6ed624b0 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -36,21 +36,38 @@ module ActionDispatch
     # "rake secret" and set the key in config/initializers/secret_token.rb.
     #
     # Note that changing digest or secret invalidates all existing sessions!
-    class CookieStore < Rack::Session::Cookie
+    class CookieStore < Rack::Session::Abstract::ID
       include Compatibility
       include StaleSessionCheck
       include SessionObject
 
-      # Override rack's method
+      def initialize(app, options={})
+        super(app, options.merge!(:cookie_only => true))
+      end
+
       def destroy_session(env, session_id, options)
-        new_sid = super
+        new_sid = generate_sid unless options[:drop]
         # Reset hash and Assign the new session id
         env["action_dispatch.request.unsigned_session_cookie"] = new_sid ? { "session_id" => new_sid } : {}
         new_sid
       end
 
+      def load_session(env)
+        stale_session_check! do
+          data = unpacked_cookie_data(env)
+          data = persistent_session_id!(data)
+          [data["session_id"], data]
+        end
+      end
+
       private
 
+      def extract_session_id(env)
+        stale_session_check! do
+          unpacked_cookie_data(env)["session_id"]
+        end
+      end
+
       def unpacked_cookie_data(env)
         env["action_dispatch.request.unsigned_session_cookie"] ||= begin
           stale_session_check! do
@@ -62,6 +79,12 @@ module ActionDispatch
         end
       end
 
+      def persistent_session_id!(data, sid=nil)
+        data ||= {}
+        data["session_id"] ||= sid || generate_sid
+        data
+      end
+
       def set_session(env, sid, session_data, options)
         session_data["session_id"] = sid
         session_data
author	Santiago Pastorino <santiago@wyeworks.com>	2013-01-08 17:27:13 -0800
committer	Santiago Pastorino <santiago@wyeworks.com>	2013-01-08 17:27:13 -0800
commit	5d0d82957ae2658a576f5785506a52cfe03d0758 (patch)
tree	7b84276d6583d5c8b45ec0c7d91c9e020e95eb06
parent	5fb501984d9ccd15076b7ce303d8675dace55a04 (diff)
parent	109a1b3358d8d973405b15cd76ec1872adc64d4c (diff)
download	rails-5d0d82957ae2658a576f5785506a52cfe03d0758.tar.gz rails-5d0d82957ae2658a576f5785506a52cfe03d0758.tar.bz2 rails-5d0d82957ae2658a576f5785506a52cfe03d0758.zip