diff options
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/session')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 61 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/cookie_store.rb | 13 |
2 files changed, 42 insertions, 32 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index 879d98fbdb..6c039cf62d 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -17,16 +17,11 @@ module ActionDispatch @loaded = false end - def id - load! unless @loaded - @id - end - def session_id ActiveSupport::Deprecation.warn( - "ActionController::Session::AbstractStore::SessionHash#session_id" + - "has been deprecated.Please use #id instead.", caller) - id + "ActionController::Session::AbstractStore::SessionHash#session_id " + + "has been deprecated. Please use request.session_options[:id] instead.", caller) + @env[ENV_SESSION_OPTIONS_KEY][:id] end def [](key) @@ -47,20 +42,45 @@ module ActionDispatch def data ActiveSupport::Deprecation.warn( - "ActionController::Session::AbstractStore::SessionHash#data" + - "has been deprecated.Please use #to_hash instead.", caller) + "ActionController::Session::AbstractStore::SessionHash#data " + + "has been deprecated. Please use #to_hash instead.", caller) to_hash end + def inspect + load! unless @loaded + super + end + private def loaded? @loaded end def load! - @id, session = @by.send(:load_session, @env) - replace(session) - @loaded = true + stale_session_check! do + id, session = @by.send(:load_session, @env) + (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id + replace(session) + @loaded = true + end + end + + def stale_session_check! + yield + rescue ArgumentError => argument_error + if argument_error.message =~ %r{undefined class/module ([\w:]*\w)} + begin + # Note that the regexp does not allow $1 to end with a ':' + $1.constantize + rescue LoadError, NameError => const_error + raise ActionController::SessionRestoreError, "Session contains objects whose class definition isn\\'t available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: \#{const_error.message} [\#{const_error.class}])\n" + end + + retry + else + raise + end end end @@ -107,11 +127,7 @@ module ActionDispatch if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after] session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?) - if session_data.is_a?(AbstractStore::SessionHash) - sid = session_data.id - else - sid = generate_sid - end + sid = options[:id] || generate_sid unless set_session(env, sid, session_data.to_hash) return response @@ -128,12 +144,9 @@ module ActionDispatch cookie << "; HttpOnly" if options[:httponly] headers = response[1] - case a = headers[SET_COOKIE] - when Array - a << cookie - when String - headers[SET_COOKIE] = [a, cookie] - when nil + unless headers[SET_COOKIE].blank? + headers[SET_COOKIE] << "\n#{cookie}" + else headers[SET_COOKIE] = cookie end end diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index ec93f66a88..433c4cc070 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -88,7 +88,7 @@ module ActionDispatch def call(env) env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env) - env[ENV_SESSION_OPTIONS_KEY] = @default_options + env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup status, headers, body = @app.call(env) @@ -108,12 +108,9 @@ module ActionDispatch end cookie = build_cookie(@key, cookie.merge(options)) - case headers[HTTP_SET_COOKIE] - when Array - headers[HTTP_SET_COOKIE] << cookie - when String - headers[HTTP_SET_COOKIE] = [headers[HTTP_SET_COOKIE], cookie] - when nil + unless headers[HTTP_SET_COOKIE].blank? + headers[HTTP_SET_COOKIE] << "\n#{cookie}" + else headers[HTTP_SET_COOKIE] = cookie end end @@ -133,7 +130,7 @@ module ActionDispatch expires = "; expires=" + value[:expires].clone.gmtime. strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires] secure = "; secure" if value[:secure] - httponly = "; httponly" if value[:httponly] + httponly = "; HttpOnly" if value[:httponly] value = value[:value] end value = [value] unless Array === value |