Persistent session identifier support for CookieSessionStore and API compat. with the server side stores [#1591 state:resolved]

Signed-off-by: Joshua Peek <josh@joshpeek.com>

2 files changed, 39 insertions, 13 deletions

diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb
index c6dd865fad..7874ee5a28 100644
--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -21,6 +21,13 @@ module ActionController
           @id
         end
 
+        def session_id
+          ActiveSupport::Deprecation.warn(
+            "ActionController::Session::AbstractStore::SessionHash#session_id" +
+            "has been deprecated.Please use #id instead.", caller)
+          id
+        end
+
         def [](key)
           load! unless @loaded
           super
@@ -37,6 +44,13 @@ module ActionController
           h
         end
 
+        def data
+         ActiveSupport::Deprecation.warn(
+           "ActionController::Session::AbstractStore::SessionHash#data" +
+           "has been deprecated.Please use #to_hash instead.", caller)
+          to_hash
+        end
+
         private
           def load!
             @id, session = @by.send(:load_session, @env)
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index f4089bfa8b..ce3cf354fd 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -74,17 +74,8 @@ module ActionController
         freeze
       end
 
-      class SessionHash < AbstractStore::SessionHash
-        private
-          def load!
-            session = @by.send(:load_session, @env)
-            replace(session)
-            @loaded = true
-          end
-      end
-
       def call(env)
-        session_data = SessionHash.new(self, env)
+        session_data = AbstractStore::SessionHash.new(self, env)
         original_value = session_data.dup
 
         env[ENV_SESSION_KEY] = session_data
@@ -142,17 +133,18 @@ module ActionController
         def load_session(env)
           request = Rack::Request.new(env)
           session_data = request.cookies[@key]
-          unmarshal(session_data) || {}
+          data = unmarshal(session_data) || persistent_session_id!({})
+          [data[:session_id], data]
         end
 
         # Marshal a session hash into safe cookie data. Include an integrity hash.
         def marshal(session)
-          @verifier.generate(session)
+          @verifier.generate( persistent_session_id!(session))
         end
 
         # Unmarshal cookie data to a hash and verify its integrity.
         def unmarshal(cookie)
-          @verifier.verify(cookie) if cookie
+          persistent_session_id!(@verifier.verify(cookie)) if cookie
         rescue ActiveSupport::MessageVerifier::InvalidSignature
           nil
         end
@@ -195,6 +187,26 @@ module ActionController
           key = secret.respond_to?(:call) ? secret.call : secret
           ActiveSupport::MessageVerifier.new(key, digest)
         end
+
+        def generate_sid
+          ActiveSupport::SecureRandom.hex(16)
+        end
+
+        def persistent_session_id!(data)
+          (data ||= {}).merge!(inject_persistent_session_id(data))
+        end
+
+        def inject_persistent_session_id(data)
+          requires_session_id?(data) ? { :session_id => generate_sid } : {}
+        end
+
+        def requires_session_id?(data)
+          if data
+            data.respond_to?(:key?) && !data.key?(:session_id)
+          else
+            true
+          end
+        end
     end
   end
 end