authorRyan Bigg <radarlistener@gmail.com>2008-12-21 13:30:51 +1030
committerRyan Bigg <radarlistener@gmail.com>2008-12-21 13:30:51 +1030
commit4fc9f69e54e649e2bc14a796ad7363426958a5ad (patch)
treef6bb401cb70e449fc79b1754fd46fa4fa71ad5da /actionpack/lib/action_controller/session
parent199f4c54ea3139168a867b7f80ac789a3c29a48d (diff)
parent19939fd4c0d0e4eae4ec71df13228547dba03287 (diff)
Merge branch 'master' of git@github.com:lifo/docrails
Diffstat (limited to 'actionpack/lib/action_controller/session')
-rw-r--r--actionpack/lib/action_controller/session/abstract_store.rb29
-rw-r--r--actionpack/lib/action_controller/session/cookie_store.rb60
2 files changed, 71 insertions, 18 deletions
diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb
index c6dd865fad..d4b185aaa2 100644
--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -11,6 +11,7 @@ module ActionController
class SessionHash < Hash
def initialize(by, env)
+ super()
@by = by
@env = env
@loaded = false
@@ -21,6 +22,13 @@ module ActionController
@id
end
+ def session_id
+ ActiveSupport::Deprecation.warn(
+ "ActionController::Session::AbstractStore::SessionHash#session_id" +
+ "has been deprecated.Please use #id instead.", caller)
+ id
+ end
+
def [](key)
load! unless @loaded
super
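Review bot: The deprecation message built on the two added string lines is missing spaces at both join points, so it renders as "…SessionHash#session_idhas been deprecated.Please use #id instead." The same defect is in the `data` deprecation of the next hunk (the `#data` / `#to_hash` message). The fix is to the literals only: `"ActionController::Session::AbstractStore::SessionHash#session_id " +` and `"has been deprecated. Please use #id instead.", caller)`, and correspondingly `"...SessionHash#data " + "has been deprecated. Please use #to_hash instead."`.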
@@ -37,6 +45,13 @@ module ActionController
h
end
+ def data
+ ActiveSupport::Deprecation.warn(
+ "ActionController::Session::AbstractStore::SessionHash#data" +
+ "has been deprecated.Please use #to_hash instead.", caller)
+ to_hash
+ end
+
private
def load!
@id, session = @by.send(:load_session, @env)
@@ -46,7 +61,7 @@ module ActionController
end
DEFAULT_OPTIONS = {
- :key => 'rack.session',
+ :key => '_session_id',
:path => '/',
:domain => nil,
:expire_after => nil,
@@ -56,6 +71,18 @@ module ActionController
}
def initialize(app, options = {})
+ # Process legacy CGI options
+ options = options.symbolize_keys
+ if options.has_key?(:session_path)
+ options[:path] = options.delete(:session_path)
+ end
+ if options.has_key?(:session_key)
+ options[:key] = options.delete(:session_key)
+ end
+ if options.has_key?(:session_http_only)
+ options[:httponly] = options.delete(:session_http_only)
+ end
+
@app = app
@default_options = DEFAULT_OPTIONS.merge(options)
@key = @default_options[:key]
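Review bot: The three legacy-key translations added here (`:session_path`, `:session_key`, `:session_http_only`) are duplicated verbatim in the `initialize` of cookie_store.rb in this same commit, so a future rename of one mapping will silently drift between the two stores. Since the cookie store already delegates to `AbstractStore::SessionHash`, the translation belongs in one place: a table such as `LEGACY_OPTIONS = { :session_path => :path, :session_key => :key, :session_http_only => :httponly }` on the abstract store with a small helper the subclass calls. The `if options.has_key?` blocks then collapse to a single loop. `initialize` continues past the end of this hunk.
```ruby
LEGACY_OPTIONS = { :session_path => :path, :session_key => :key, :session_http_only => :httponly }.freeze

# Translate the pre-Rack CGI option names to their Rack equivalents (in place).
def translate_legacy_options!(options)
  LEGACY_OPTIONS.each do |legacy, current|
    options[current] = options.delete(legacy) if options.has_key?(legacy)
  end
  options
end
# … unchanged: remainder of initialize …
```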
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index f4089bfa8b..ba63f8521f 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -41,9 +41,11 @@ module ActionController
SECRET_MIN_LENGTH = 30 # characters
DEFAULT_OPTIONS = {
- :domain => nil,
- :path => "/",
- :expire_after => nil
+ :key => '_session_id',
+ :domain => nil,
+ :path => "/",
+ :expire_after => nil,
+ :httponly => false
}.freeze
ENV_SESSION_KEY = "rack.session".freeze
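Review bot: The new `:httponly => false` default means the cookie that carries the whole serialized session is, by default, readable from client-side script, and nothing in the hunk records why that is the intended default. If it is kept for backward compatibility with the CGI-era store, that should be stated next to the entry, e.g. `:httponly => false # kept for parity with the legacy CGI session; applications should set :session_http_only/:httponly => true unless script access is needed`; otherwise defaulting to `true` is the safer choice for a cookie-backed session. The `:key => '_session_id'` entry now matches the abstract store's default, which looks deliberate.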
@@ -56,6 +58,18 @@ module ActionController
def initialize(app, options = {})
options = options.dup
+ # Process legacy CGI options
+ options = options.symbolize_keys
+ if options.has_key?(:session_path)
+ options[:path] = options.delete(:session_path)
+ end
+ if options.has_key?(:session_key)
+ options[:key] = options.delete(:session_key)
+ end
+ if options.has_key?(:session_http_only)
+ options[:httponly] = options.delete(:session_http_only)
+ end
+
@app = app
# The session_key option is required.
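Review bot: The `options = options.dup` line kept above the new block appears redundant once `options = options.symbolize_keys` follows it, since `symbolize_keys` in ActiveSupport builds a new hash rather than mutating the receiver; one of the two copies can go. If the translation is moved into a shared helper on the abstract store (the same three blocks appear in abstract_store.rb in this commit), this hunk reduces to a single call. `initialize` continues past the end of this hunk.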
@@ -74,21 +88,12 @@ module ActionController
freeze
end
- class SessionHash < AbstractStore::SessionHash
- private
- def load!
- session = @by.send(:load_session, @env)
- replace(session)
- @loaded = true
- end
- end
-
def call(env)
- session_data = SessionHash.new(self, env)
+ session_data = AbstractStore::SessionHash.new(self, env)
original_value = session_data.dup
env[ENV_SESSION_KEY] = session_data
- env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
+ env[ENV_SESSION_OPTIONS_KEY] = @default_options
status, headers, body = @app.call(env)
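Review bot: Dropping the `.dup` on `env[ENV_SESSION_OPTIONS_KEY] = @default_options` is only safe if `@default_options` is frozen where it is assigned in `initialize` (not visible in this hunk); if it is not, any downstream code that adjusts per-request options through the env hash now mutates the store's defaults for every later request. Either confirm the freeze or keep the `dup`. Replacing the private `SessionHash` subclass with `AbstractStore::SessionHash` is consistent with `load_session` now returning the `[id, data]` pair that `AbstractStore::SessionHash#load!` destructures. `call` continues past the end of this hunk.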
@@ -142,17 +147,18 @@ module ActionController
def load_session(env)
request = Rack::Request.new(env)
session_data = request.cookies[@key]
- unmarshal(session_data) || {}
+ data = unmarshal(session_data) || persistent_session_id!({})
+ [data[:session_id], data]
end
# Marshal a session hash into safe cookie data. Include an integrity hash.
def marshal(session)
- @verifier.generate(session)
+ @verifier.generate( persistent_session_id!(session))
end
# Unmarshal cookie data to a hash and verify its integrity.
def unmarshal(cookie)
- @verifier.verify(cookie) if cookie
+ persistent_session_id!(@verifier.verify(cookie)) if cookie
rescue ActiveSupport::MessageVerifier::InvalidSignature
nil
end
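Review bot: `marshal` now mutates its argument: `persistent_session_id!` uses `merge!`, so a session hash without `:session_id` is modified in place as a side effect of serialising it, which the comment above the method does not mention. Add `# Injects :session_id into +session+ in place when it is missing.` under that comment, and drop the stray space in `@verifier.generate( persistent_session_id!(session))` → `@verifier.generate(persistent_session_id!(session))`. In `load_session` the returned id is `data[:session_id]`, which relies on the symbol key that `persistent_session_id!` injects; a cookie written with a string `"session_id"` key would yield a nil id and also receive a second, symbol-keyed id.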
@@ -195,6 +201,26 @@ module ActionController
key = secret.respond_to?(:call) ? secret.call : secret
ActiveSupport::MessageVerifier.new(key, digest)
end
+
+ def generate_sid
+ ActiveSupport::SecureRandom.hex(16)
+ end
+
+ def persistent_session_id!(data)
+ (data ||= {}).merge!(inject_persistent_session_id(data))
+ end
+
+ def inject_persistent_session_id(data)
+ requires_session_id?(data) ? { :session_id => generate_sid } : {}
+ end
+
+ def requires_session_id?(data)
+ if data
+ data.respond_to?(:key?) && !data.key?(:session_id)
+ else
+ true
+ end
+ end
end
end
end
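Review bot: `requires_session_id?` returns `false` for a truthy value that does not respond to `key?`, yet `persistent_session_id!` still calls `merge!` on that value, so a verified payload that is not a Hash would raise `NoMethodError` rather than being rejected deliberately; if the signature check is taken to guarantee a Hash, say so in a comment, otherwise guard it. The nested `if data … else true end` reads more directly as `!data || (data.respond_to?(:key?) && !data.key?(:session_id))`, and `(data ||= {}).merge!(...)` hides a parameter reassignment inside an expression — `data ||= {}` on its own line first is clearer. It is not visible in this hunk whether these four methods fall under the class's `private` marker; `generate_sid` and the injection helpers should not be part of the store's public surface.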