diff options
-rw-r--r-- | actionpack/CHANGELOG | 3 | ||||
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/session/cookie_store.rb | 12 |
3 files changed, 10 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 05ed1a5038..ce27a28188 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,8 @@ *SVN* +# Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests +using the cookie store's secret. [Rick] + * Added Request#url that returns the complete URL used for the request [DHH] * Extract dynamic scaffolding into a plugin. #7700 [Josh Peek] diff --git a/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb b/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb index 6f9a09da6d..d3dc643d3f 100644 --- a/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb +++ b/actionpack/lib/action_controller/cgi_ext/session_performance_fix.rb @@ -26,6 +26,7 @@ class CGI # Make the CGI instance available to session stores. attr_reader :cgi + attr_reader :dbman alias_method :initialize_without_cgi_reader, :initialize def initialize(cgi, options = {}) @cgi = cgi diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index d232dd448c..fe2d96e17d 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -94,6 +94,12 @@ class CGI::Session::CookieStore write_cookie('value' => '', 'expires' => 1.year.ago) end + # Generate the HMAC keyed message digest. Uses SHA1 by default. + def generate_digest(data) + key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret + OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data) + end + private # Marshal a session hash into safe cookie data. Include an integrity hash. def marshal(session) @@ -113,12 +119,6 @@ class CGI::Session::CookieStore end end - # Generate the HMAC keyed message digest. Uses SHA1 by default. - def generate_digest(data) - key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret - OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data) - end - # Read the session data cookie. def read_cookie @session.cgi.cookies[@cookie_options['name']].first |