authorCarlhuda <carlhuda@engineyard.com>2010-03-04 15:06:25 -0800
committerCarlhuda <carlhuda@engineyard.com>2010-03-04 16:05:52 -0800
commite311622e7b20b3fdeab6a93418c8a45c6e7137b6 (patch)
treea0b7ce433c1ce65da2bc5e9fdb9e8d70753537da /railties/lib
parent48bb3b3904806abaea7c62961559c03e689dd12f (diff)
Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.
Diffstat (limited to 'railties/lib')
-rw-r--r--railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt2
-rw-r--r--railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt9
-rw-r--r--railties/lib/rails/engine/configuration.rb1
-rw-r--r--railties/lib/rails/railtie/configuration.rb34
4 files changed, 36 insertions, 10 deletions
diff --git a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
index 451dbe1d1c..be627fbbcc 100644
--- a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
+++ b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
@@ -4,4 +4,4 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.cookie_verifier_secret = '<%= app_secret %>'
+Rails.application.config.cookie_secret = '<%= app_secret %>'
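Review bot: The comment above the changed line still says only that old signed cookies become invalid, but after this commit the same value is merged in as the cookie session store's `:secret` (see `session_options` in railtie/configuration.rb), so rotating it also invalidates every existing cookie-store session. I would extend the comment, for example `# If you change this key, all old signed cookies and cookie-store sessions will become invalid!`. The file name cookie_verification_secret.rb now also undersells the setting's scope, though a rename is outside this hunk.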
diff --git a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
index 2f04ed8fb0..edd2273fb0 100644
--- a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
+++ b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
@@ -1,12 +1,7 @@
# Be sure to restart your server when you modify this file.
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.action_dispatch.session = {
- :key => '_<%= app_name %>_session',
- :secret => '<%= app_secret %>'
+Rails.application.config.session_store :cookie_store, {
+ :key => '_<%= app_name %>_session',
}
# Use the database for sessions instead of the cookie-based default,
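Review bot: With the secret and its warning comment removed, this template no longer tells the reader that the cookie store's integrity depends on a secret at all. A one-line pointer above the `session_store` call would help, for example `# Cookie sessions are signed with config.cookie_secret (see cookie_verification_secret.rb).`. Without it, someone who deletes or skips that other initializer gets no hint here that session signing is affected.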
diff --git a/railties/lib/rails/engine/configuration.rb b/railties/lib/rails/engine/configuration.rb
index 5d3e768cfd..cdaf35542f 100644
--- a/railties/lib/rails/engine/configuration.rb
+++ b/railties/lib/rails/engine/configuration.rb
@@ -7,6 +7,7 @@ module Rails
attr_writer :eager_load_paths, :load_once_paths, :load_paths
def initialize(root=nil)
+ super()
@root = root
end
diff --git a/railties/lib/rails/railtie/configuration.rb b/railties/lib/rails/railtie/configuration.rb
index 28d7b2f9ae..6a8c4ca09f 100644
--- a/railties/lib/rails/railtie/configuration.rb
+++ b/railties/lib/rails/railtie/configuration.rb
@@ -3,6 +3,13 @@ require 'rails/configuration'
module Rails
class Railtie
class Configuration
+ attr_accessor :cookie_secret
+
+ def initialize
+ @session_store = :cookie_store
+ @session_options = {}
+ end
+
def middleware
@@default_middleware_stack ||= default_middleware
end
@@ -52,6 +59,24 @@ module Rails
@metal_loader ||= Rails::Application::MetalLoader.new
end
+ def session_store(*args)
+ if args.empty?
+ case @session_store
+ when :disabled
+ nil
+ when :active_record_store
+ ActiveRecord::SessionStore
+ when Symbol
+ ActionDispatch::Session.const_get(@session_store.to_s.camelize)
+ else
+ @session_store
+ end
+ else
+ @session_store = args.shift
+ @session_options = args.shift || {}
+ end
+ end
+
private
def method_missing(name, *args, &blk)
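Review bot: In the `when Symbol` branch of `session_store`, a mistyped or unsupported store name surfaces only as a bare NameError when the middleware stack is built. Because `Module#const_get` can fall back to top-level constants for a module receiver, a symbol such as `:file` may even resolve to an unrelated class instead of failing (worth confirming on the Ruby versions supported here). I would rescue NameError around the lookup and re-raise with the offending name, `raise ArgumentError, "unknown session store: #{@session_store.inspect}"`, and verify that the resolved constant really lives under ActionDispatch::Session. The method doubles as getter and setter without a doc comment, so a short comment listing the accepted values (`:disabled`, `:active_record_store`, another symbol, or a class) would also help. The enclosing class starts and ends outside the hunk.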
@@ -61,6 +86,11 @@ module Rails
super
end
+ def session_options
+ return @session_options unless @session_store == :cookie_store
+ @session_options.merge(:secret => @cookie_secret)
+ end
+
def config_key_regexp
bits = config_keys.map { |n| Regexp.escape(n.to_s) }.join('|')
/^(#{bits})(?:=)?$/
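Review bot: `session_options` lets `@cookie_secret` overwrite any `:secret` the caller passed to `config.session_store :cookie_store, ...`, and it does so even when `cookie_secret` was never assigned, so the store is handed `:secret => nil`. Whether the cookie store rejects a nil secret is not visible in this diff, so I would not rely on it. I would only fill in the secret when the options lack one and fail loudly when none is configured: `secret = @session_options[:secret] || @cookie_secret`, then `raise ArgumentError, "config.cookie_secret is not set" unless secret`, then `@session_options.merge(:secret => secret)`. `config_key_regexp` continues outside the hunk.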
@@ -86,8 +116,8 @@ module Rails
middleware.use('::Rack::Sendfile', lambda { action_dispatch.x_sendfile_header })
middleware.use('::ActionDispatch::Callbacks', lambda { !cache_classes })
middleware.use('::ActionDispatch::Cookies')
- middleware.use(lambda { ActionController::SessionManagement.session_store_for(action_dispatch.session_store) }, lambda { action_dispatch.session })
- middleware.use('::ActionDispatch::Flash', :if => lambda { action_dispatch.session_store })
+ middleware.use(lambda { session_store }, lambda { session_options })
+ middleware.use('::ActionDispatch::Flash', :if => lambda { session_store })
middleware.use(lambda { metal_loader.build_middleware(metals) }, :if => lambda { metal_loader.metals.any? })
middleware.use('ActionDispatch::ParamsParser')
middleware.use('::Rack::MethodOverride')
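Review bot: The session middleware no longer reads `action_dispatch.session_store` or `action_dispatch.session`, yet the initializer template replaced in this same commit used `config.action_dispatch.session = { :key => ..., :secret => ... }`. Apps generated from the earlier template would apparently keep that line and now get the default cookie store with empty options and no secret, without any warning. The commit message promises deprecation shims only for the ActionController::Base setters. If no shim for the `action_dispatch` keys exists outside railties/lib, I would add one that forwards them to `session_store` and `cookie_secret` with a deprecation warning. The enclosing method starts and ends outside the hunk.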