author | Santiago Pastorino <santiago@wyeworks.com> | 2013-01-08 17:27:13 -0800 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2013-01-08 17:27:13 -0800 |
commit | 5d0d82957ae2658a576f5785506a52cfe03d0758 (patch) | |
tree | 7b84276d6583d5c8b45ec0c7d91c9e020e95eb06 /actionpack/lib | |
parent | 5fb501984d9ccd15076b7ce303d8675dace55a04 (diff) | |
parent | 109a1b3358d8d973405b15cd76ec1872adc64d4c (diff) | |
Merge pull request #8824 from mjtko/fix/cookie-store-inheritance
Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372]
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 2 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/cookie_store.rb | 29 |
2 files changed, 26 insertions, 5 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 6fb16bdfe9..7c12590c49 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -21,8 +21,6 @@ module ActionDispatch
 module Compatibility
 def initialize(app, options = {})
 options[:key] ||= '_session_id'
- # FIXME Rack's secret is not being used
- options[:secret] ||= SecureRandom.hex(30)
 super
 end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 4437b50f1f..1e6ed624b0 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -36,21 +36,38 @@ module ActionDispatch # "rake secret" and set the key in config/initializers/secret_token.rb. # # Note that changing digest or secret invalidates all existing sessions! - class CookieStore < Rack::Session::Cookie + class CookieStore < Rack::Session::Abstract::ID include Compatibility include StaleSessionCheck include SessionObject - # Override rack's method + def initialize(app, options={}) + super(app, options.merge!(:cookie_only => true)) + end + def destroy_session(env, session_id, options) - new_sid = super + new_sid = generate_sid unless options[:drop] # Reset hash and Assign the new session id env["action_dispatch.request.unsigned_session_cookie"] = new_sid ? { "session_id" => new_sid } : {} new_sid end + def load_session(env) + stale_session_check! do + data = unpacked_cookie_data(env) + data = persistent_session_id!(data) + [data["session_id"], data] + end + end + private + def extract_session_id(env) + stale_session_check! do + unpacked_cookie_data(env)["session_id"] + end + end + def unpacked_cookie_data(env) env["action_dispatch.request.unsigned_session_cookie"] ||= begin stale_session_check! do @@ -62,6 +79,12 @@ module ActionDispatch end end + def persistent_session_id!(data, sid=nil) + data ||= {} + data["session_id"] ||= sid || generate_sid + data + end + def set_session(env, sid, session_data, options) session_data["session_id"] = sid session_data |
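Review bot: In the new `initialize`, `options.merge!(:cookie_only => true)` mutates the hash the caller passed in, so an options hash shared with other code picks up `:cookie_only` as a side effect; `super(app, options.merge(:cookie_only => true))` sets the same option without touching the caller's object. With the superclass changed to `Rack::Session::Abstract::ID`, nothing visible in this class verifies the cookie, so session integrity appears to rest entirely on what `unpacked_cookie_data` reads (its body is cut off by the hunk). A comment on `load_session` should state that dependency, for example `# Session data must only come from the verified (signed) cookie, never from the raw request cookie.` `load_session` and `extract_session_id` also wrap `unpacked_cookie_data` in `stale_session_check!`, although the context lines show that method already does so, so the outer wrappers look redundant.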
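Review bot: `persistent_session_id!` accepts a `sid` argument, but the only caller visible in this diff, `load_session`, never passes one, so `sid || generate_sid` always falls through to `generate_sid`; either drop the parameter or add a comment naming who supplies it. `data ||= {}` only covers a missing cookie. If the unpacked value can ever be something other than a Hash (not determinable from this hunk), `data["session_id"] ||= ...` would raise or index into the wrong object, and a guard such as `data = {} unless data.is_a?(Hash)` would make the method fail closed. The method also has no comment explaining that it keeps an existing session id and only generates one when none is present, which matters for anyone reasoning about session id rotation.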