aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/session
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_controller/session')
-rw-r--r--actionpack/lib/action_controller/session/abstract_store.rb6
-rw-r--r--actionpack/lib/action_controller/session/cookie_store.rb10
2 files changed, 9 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb
index bf09fd33c5..9434c2e05e 100644
--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -102,8 +102,10 @@ module ActionController
response = @app.call(env)
session_data = env[ENV_SESSION_KEY]
- if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?)
- options = env[ENV_SESSION_OPTIONS_KEY]
+ options = env[ENV_SESSION_OPTIONS_KEY]
+
+ if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+ session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
if session_data.is_a?(AbstractStore::SessionHash)
sid = session_data.id
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index e061c4d4a1..5a728d1877 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -45,7 +45,7 @@ module ActionController
:domain => nil,
:path => "/",
:expire_after => nil,
- :httponly => false
+ :httponly => true
}.freeze
ENV_SESSION_KEY = "rack.session".freeze
@@ -56,8 +56,6 @@ module ActionController
class CookieOverflow < StandardError; end
def initialize(app, options = {})
- options = options.dup
-
# Process legacy CGI options
options = options.symbolize_keys
if options.has_key?(:session_path)
@@ -95,12 +93,14 @@ module ActionController
status, headers, body = @app.call(env)
session_data = env[ENV_SESSION_KEY]
- if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?)
+ options = env[ENV_SESSION_OPTIONS_KEY]
+
+ if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+ session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
session_data = marshal(session_data.to_hash)
raise CookieOverflow if session_data.size > MAX
- options = env[ENV_SESSION_OPTIONS_KEY]
cookie = Hash.new
cookie[:value] = session_data
unless options[:expire_after].nil?
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-22 17:31:29 +0000