Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean.

1 files changed, 16 insertions, 83 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 0c1712bf84..92a86ee229 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -1,4 +1,3 @@
-require 'action_dispatch/middleware/cookies'
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/object/blank'
 
@@ -39,18 +38,10 @@ module ActionDispatch
     # "rake secret" and set the key in config/environment.rb.
     #
     # Note that changing digest or secret invalidates all existing sessions!
-    class CookieStore
-      DEFAULT_OPTIONS = {
-        :key          => '_session_id',
-        :domain       => nil,
-        :path         => "/",
-        :expire_after => nil,
-        :httponly     => true
-      }.freeze
-
+    class CookieStore < AbstractStore
       class OptionsHash < Hash
         def initialize(by, env, default_options)
-          @session_data = env[CookieStore::ENV_SESSION_KEY]
+          @session_data = env[AbstractStore::ENV_SESSION_KEY]
           merge!(default_options)
         end
 
@@ -59,96 +50,38 @@ module ActionDispatch
         end
       end
 
-      ENV_SESSION_KEY = "rack.session".freeze
-      ENV_SESSION_OPTIONS_KEY = "rack.session.options".freeze
-
       def initialize(app, options = {})
-        # Process legacy CGI options
-        # TODO Refactor and deprecate me
-        options = options.symbolize_keys
-
-        if options.has_key?(:session_path)
-          options[:path] = options.delete(:session_path)
-        end
-        if options.has_key?(:session_key)
-          options[:key] = options.delete(:session_key)
-        end
-        if options.has_key?(:session_http_only)
-          options[:httponly] = options.delete(:session_http_only)
-        end
-
-        @app = app
-
-        # The session_key option is required.
-        ensure_session_key(options[:key])
-        @key = options.delete(:key).freeze
-
-        @default_options = DEFAULT_OPTIONS.merge(options).freeze
+        super(app, options.merge!(:cookie_only => true))
         freeze
       end
 
-      def call(env)
-        env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
-        env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
-
-        status, headers, body = @app.call(env)
-
-        session_data = env[ENV_SESSION_KEY]
-        options = env[ENV_SESSION_OPTIONS_KEY]
-
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
-          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
-          session_data = persistent_session_id!(session_data.to_hash)
-
-          cookie = { :value => session_data }
-          unless options[:expire_after].nil?
-            cookie[:expires] = Time.now + options.delete(:expire_after)
-          end
+      private
 
-          request = ActionDispatch::Request.new(env)
-          request.cookie_jar.signed[@key] = cookie.merge!(options)
+        def prepare!(env)
+          env[ENV_SESSION_KEY] = SessionHash.new(self, env)
+          env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
         end
 
-        [status, headers, body]
-      end
-
-      private
-
         def load_session(env)
           request = ActionDispatch::Request.new(env)
           data = request.cookie_jar.signed[@key]
-          data = persistent_session_id!(data || {})
+          data = persistent_session_id!(data)
           data.stringify_keys!
           [data["session_id"], data]
         end
 
-        def generate_sid
-          ActiveSupport::SecureRandom.hex(16)
-        end
-
-        def ensure_session_key(key)
-          if key.blank?
-            raise ArgumentError, 'A key is required to write a ' +
-              'cookie containing the session data. Use ' +
-              'config.session_store :cookie_store, { :key => ' +
-              '"_myapp_session" } in config/application.rb'
-          end
-        end
-
-        def persistent_session_id!(data)
-          (data ||= {}).merge!(inject_persistent_session_id(data))
+        def set_cookie(request, options)
+          request.cookie_jar.signed[@key] = options
         end
 
-        def inject_persistent_session_id(data)
-          requires_session_id?(data) ? { "session_id" => generate_sid } : {}
+        def set_session(env, sid, session_data)
+          persistent_session_id!(session_data, sid)
         end
 
-        def requires_session_id?(data)
-          if data
-            data.respond_to?(:key?) && !data.key?("session_id")
-          else
-            true
-          end
+        def persistent_session_id!(data, sid=nil)
+          data ||= {}
+          data["session_id"] ||= sid || generate_sid
+          data
         end
     end
   end