Diffstat (limited to 'actionpack/lib/action_controller/cgi_process.rb')
-rw-r--r--actionpack/lib/action_controller/cgi_process.rb10
1 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb
index b3739ce399..6a802aa8fa 100644
--- a/actionpack/lib/action_controller/cgi_process.rb
+++ b/actionpack/lib/action_controller/cgi_process.rb
@@ -33,13 +33,14 @@ module ActionController #:nodoc:
end
class CgiRequest < AbstractRequest #:nodoc:
- attr_accessor :cgi, :session_options, :cookie_only
+ attr_accessor :cgi, :session_options
class SessionFixationAttempt < StandardError; end #:nodoc:
DEFAULT_SESSION_OPTIONS = {
:database_manager => CGI::Session::CookieStore, # store data in cookie
:prefix => "ruby_sess.", # prefix session file names
:session_path => "/", # available to all paths in app
+ :session_key => "_session_id",
:cookie_only => true
} unless const_defined?(:DEFAULT_SESSION_OPTIONS)
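Review bot: The new `:session_key => "_session_id",` entry and the existing `:cookie_only => true` carry no trailing comment, unlike the three entries above them, although they are the two options the SessionFixationAttempt check later in this diff depends on. I would document them in place, for example `:session_key => "_session_id", # parameter/cookie name that carries the session id` and `:cookie_only => true # reject session ids passed outside the cookie`. The class no longer exposes a `cookie_only` accessor after this change, so any caller that read or set it would now need to go through `session_options`; no such caller is visible in this diff.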
@@ -47,7 +48,6 @@ module ActionController #:nodoc:
@cgi = cgi
@session_options = session_options
@env = @cgi.send!(:env_table)
- @cookie_only = session_options.delete :cookie_only
super()
end
@@ -112,7 +112,7 @@ module ActionController #:nodoc:
@session = Hash.new
else
stale_session_check! do
- if @cookie_only && request_parameters[session_options_with_string_keys['session_key']]
+ if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
raise SessionFixationAttempt
end
case value = session_options_with_string_keys['new_session']
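Review bot: The guard on the `cookie_only? && query_parameters[...]` line now inspects only the query string, so a session key submitted in a request body no longer raises SessionFixationAttempt. Whether the session store can still pick up an id from body parameters is not visible in this hunk. If it can, the condition should cover both sources, along the lines of `key = session_options_with_string_keys['session_key']` followed by `if cookie_only? && (query_parameters[key] || request_parameters[key])`. If the narrowing is deliberate, a short comment above the `if` stating why body parameters are exempt would keep a later reader from reverting it. The enclosing method starts and ends outside the hunk.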
@@ -158,6 +158,10 @@ module ActionController #:nodoc:
end
end
+ def cookie_only?
+ session_options_with_string_keys['cookie_only']
+ end
+
def stale_session_check!
yield
rescue ArgumentError => argument_error
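Review bot: `cookie_only?` fails open: when the options carry no `cookie_only` entry the lookup returns nil and the session-fixation check that calls it is skipped. Whether caller-supplied options are always merged over DEFAULT_SESSION_OPTIONS is not visible here. If they may not be, and assuming `session_options_with_string_keys` returns a Hash, the safe default can be made explicit with `session_options_with_string_keys.fetch('cookie_only', true)`. A one-line comment such as `# true when session ids are accepted from the cookie only; gates the SessionFixationAttempt check` would document the predicate. The surrounding class body is outside the hunk, so the method's visibility should be confirmed as well.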