Diffstat (limited to 'actionpack/lib/action_controller/rack_process.rb')
-rw-r--r-- | actionpack/lib/action_controller/rack_process.rb | 139 |
1 files changed, 12 insertions, 127 deletions
diff --git a/actionpack/lib/action_controller/rack_process.rb b/actionpack/lib/action_controller/rack_process.rb index 568f893c6c..e783839f34 100644 --- a/actionpack/lib/action_controller/rack_process.rb +++ b/actionpack/lib/action_controller/rack_process.rb @@ -3,24 +3,12 @@ require 'action_controller/cgi_ext' module ActionController #:nodoc: class RackRequest < AbstractRequest #:nodoc: attr_accessor :session_options - attr_reader :cgi class SessionFixationAttempt < StandardError #:nodoc: end - DEFAULT_SESSION_OPTIONS = { - :database_manager => CGI::Session::CookieStore, # store data in cookie - :prefix => "ruby_sess.", # prefix session file names - :session_path => "/", # available to all paths in app - :session_key => "_session_id", - :cookie_only => true, - :session_http_only=> true - } - - def initialize(env, session_options = DEFAULT_SESSION_OPTIONS) - @session_options = session_options + def initialize(env) @env = env - @cgi = CGIWrapper.new(self) super() end 
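Review bot: With `DEFAULT_SESSION_OPTIONS` removed, `:cookie_only => true` and `:session_http_only => true` are no longer applied by RackRequest itself, so the HttpOnly flag and the cookie-only restriction now depend entirely on whatever populates `@env['rack.session.options']`. That component is not visible in this diff, so it should be confirmed to carry equivalent defaults. The surviving `attr_accessor :session_options` also looks vestigial, since the next hunk defines explicit `session_options` and `session_options=` methods that redefine it; I would drop that line. A comment above `initialize` would help, e.g. `# Session data and options are supplied by the session middleware through env['rack.session'] and env['rack.session.options'].` The RackRequest class body continues outside this hunk.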
@@ -66,87 +54,25 @@ module ActionController #:nodoc: @env['SERVER_SOFTWARE'].split("/").first end - def session - unless defined?(@session) - if @session_options == false - @session = Hash.new - else - stale_session_check! do - if cookie_only? && query_parameters[session_options_with_string_keys['session_key']] - raise SessionFixationAttempt - end - case value = session_options_with_string_keys['new_session'] - when true - @session = new_session - when false - begin - @session = CGI::Session.new(@cgi, session_options_with_string_keys) - # CGI::Session raises ArgumentError if 'new_session' == false - # and no session cookie or query param is present. - rescue ArgumentError - @session = Hash.new - end - when nil - @session = CGI::Session.new(@cgi, session_options_with_string_keys) - else - raise ArgumentError, "Invalid new_session option: #{value}" - end - @session['__valid_session'] - end - end - end - @session + def session_options + @env['rack.session.options'] ||= {} end - def reset_session - @session.delete if defined?(@session) && @session.is_a?(CGI::Session) - @session = new_session + def session_options=(options) + @env['rack.session.options'] = options end - private - # Delete an old session if it exists then create a new one. - def new_session - if @session_options == false - Hash.new - else - CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil - CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true)) - end - end - - def cookie_only? - session_options_with_string_keys['cookie_only'] - end - - def stale_session_check! 
- yield - rescue ArgumentError => argument_error - if argument_error.message =~ %r{undefined class/module ([\w:]*\w)} - begin - # Note that the regexp does not allow $1 to end with a ':' - $1.constantize - rescue LoadError, NameError => const_error - raise ActionController::SessionRestoreError, <<-end_msg -Session contains objects whose class definition isn\'t available. -Remember to require the classes for all objects kept in the session. -(Original exception: #{const_error.message} [#{const_error.class}]) -end_msg - end - - retry - else - raise - end - end + def session + @env['rack.session'] ||= {} + end - def session_options_with_string_keys - @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys - end + def reset_session + @env['rack.session'] = {} + end end class RackResponse < AbstractResponse #:nodoc: - def initialize(request) - @cgi = request.cgi + def initialize @writer = lambda { |x| @body << x } @block = nil super() @@ -247,49 +173,8 @@ end_msg else cookies << cookie.to_s end - @cgi.output_cookies.each { |c| cookies << c.to_s } if @cgi.output_cookies - headers['Set-Cookie'] = [headers['Set-Cookie'], cookies].flatten.compact end end end - - class CGIWrapper < ::CGI - attr_reader :output_cookies - - def initialize(request, *args) - @request = request - @args = *args - @input = request.body - - super *args - end - - def params - @params ||= @request.params - end - - def cookies - @request.cookies - end - - def query_string - @request.query_string - end - - # Used to wrap the normal args variable used inside CGI. - def args - @args - end - - # Used to wrap the normal env_table variable used inside CGI. - def env_table - @request.env - end - - # Used to wrap the normal stdinput variable used inside CGI. - def stdinput - @input - end - end end |
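Review bot: `reset_session` now only assigns a fresh Hash to `@env['rack.session']`, whereas the removed implementation called `@session.delete` first, so the previous session's stored data was explicitly destroyed. Whether the old session id is invalidated and a new one issued now depends on the session middleware, which is not visible here; if it keeps honouring the id from the request cookie, a reset at login would not protect against session fixation. The same question applies to the removed `cookie_only?` check that raised `SessionFixationAttempt` when the session key arrived as a query parameter, so confirm that the middleware refuses ids taken from the query string. I would document the contract on the method, e.g. `# The session store must destroy the previous session and issue a new id when 'rack.session' is replaced.` RackRequest begins before this hunk, and `session` silently falling back to `{}` when no middleware set `rack.session` deserves a similar comment.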