authorMichael Koziarski <michael@koziarski.com>2007-11-21 04:28:59 +0000
committerMichael Koziarski <michael@koziarski.com>2007-11-21 04:28:59 +0000
commit41fb4904e22859178c3002c2acff342073540a64 (patch)
tree7d765b6cdc0412387286c0c4f7beeb403df41561 /actionpack/lib/action_controller/cgi_process.rb
parent6967b422abe6a14a719e039aeedda4a922f06c5b (diff)
downloadrails-41fb4904e22859178c3002c2acff342073540a64.tar.gz
rails-41fb4904e22859178c3002c2acff342073540a64.tar.bz2
rails-41fb4904e22859178c3002c2acff342073540a64.zip
Refactor cookie_only option to survive multiple requests and add regression tests. References #10048. [theflow]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8176 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_controller/cgi_process.rb')
-rw-r--r--actionpack/lib/action_controller/cgi_process.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb
index b3739ce399..6a802aa8fa 100644
--- a/actionpack/lib/action_controller/cgi_process.rb
+++ b/actionpack/lib/action_controller/cgi_process.rb
@@ -33,13 +33,14 @@ module ActionController #:nodoc:
end
class CgiRequest < AbstractRequest #:nodoc:
- attr_accessor :cgi, :session_options, :cookie_only
+ attr_accessor :cgi, :session_options
class SessionFixationAttempt < StandardError; end #:nodoc:
DEFAULT_SESSION_OPTIONS = {
:database_manager => CGI::Session::CookieStore, # store data in cookie
:prefix => "ruby_sess.", # prefix session file names
:session_path => "/", # available to all paths in app
+ :session_key => "_session_id",
:cookie_only => true
} unless const_defined?(:DEFAULT_SESSION_OPTIONS)
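Review bot: The added `:session_key => "_session_id"` entry is the only default without a trailing comment, yet the session-fixation guard later in this file looks up the request parameter under this name. Without a configured key that lookup would find nothing and the guard would never raise, so the default is security-relevant. I would document it in the same style as its neighbours, e.g. `:session_key => "_session_id", # cookie name; also the parameter name the fixation check rejects`. Note too that dropping `:cookie_only` from `attr_accessor` removes a public reader and writer, so any caller that set `cookie_only` on the request object needs to move to the options hash.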
@@ -47,7 +48,6 @@ module ActionController #:nodoc:
@cgi = cgi
@session_options = session_options
@env = @cgi.send!(:env_table)
- @cookie_only = session_options.delete :cookie_only
super()
end
@@ -112,7 +112,7 @@ module ActionController #:nodoc:
@session = Hash.new
else
stale_session_check! do
- if @cookie_only && request_parameters[session_options_with_string_keys['session_key']]
+ if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
raise SessionFixationAttempt
end
case value = session_options_with_string_keys['new_session']
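Review bot: The guard now inspects only `query_parameters`, where the removed line inspected `request_parameters`, so a session key supplied in a request body no longer raises `SessionFixationAttempt` here. Whether that matters depends on where the session store reads its id from, which is not visible in this hunk. If it can still accept an id from body parameters, the check should cover both sources, e.g. `key = session_options_with_string_keys['session_key']` followed by `if cookie_only? && (query_parameters[key] || request_parameters[key])`. If the query string really is the only non-cookie source, a one-line comment saying so above the `if` would keep a later edit from widening or narrowing it by accident. The enclosing method begins and ends outside this hunk.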
@@ -158,6 +158,10 @@ module ActionController #:nodoc:
end
end
+ def cookie_only?
+ session_options_with_string_keys['cookie_only']
+ end
+
def stale_session_check!
yield
rescue ArgumentError => argument_error
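Review bot: `cookie_only?` fails open: it returns `nil` when the options hash has no `cookie_only` entry, and the fixation check is then skipped silently. That can happen if a caller builds `session_options` from scratch rather than starting from `DEFAULT_SESSION_OPTIONS`; how the hash is assembled is not shown here. Defaulting to the safe value would make the protection opt-out rather than opt-in, e.g. `session_options_with_string_keys.fetch('cookie_only', true)`. The method also deserves a short comment such as `# True when session ids may only arrive via cookie; read per request from the options so the setting survives across requests.` The following `stale_session_check!` continues past the end of the hunk.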