aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/session/cookie_store.rb
Commit message (Collapse)AuthorAgeFilesLines
* Added support for http_only cookies in cookie_store Added unit tests for ↵Pelle Braendgaard2008-09-171-1/+2
| | | | | | | secure and http_only cookies in cookie_store Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1046 state:committed]
* Strip newlines from cookie session dataJeremy Kemper2008-08-051-1/+1
|
* Merge docrails.Pratik Naik2008-05-251-1/+1
| | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Don't double-escape cookie store data. Don't split cookie values with ↵Rich Cavanaugh2008-05-121-3/+6
| | | | | | newlines into an array. [#130 state:resolved] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Improve documentation coverage and markupXavier Noria2008-05-021-13/+13
| | | | Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
* Ruby 1.9 compat: cookie store delete sets nil value instead of empty stringJeremy Kemper2008-01-071-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Ruby 1.9 compat: move from the deprecated Base64 module to ↵Jeremy Kemper2007-12-181-3/+2
| | | | | | ActiveSupport::Base64. Closes #10554. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8433 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix doc (closes #10526)David Heinemeier Hansson2007-12-161-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8423 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically ↵Jeremy Kemper2007-12-151-0/+3
| | | | | | secure secret key for use with cookie sessions. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve error messages when providing a secret that is too short. Closes ↵Michael Koziarski2007-11-241-4/+5
| | | | | | #10238 [Henrik N] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Make sure that cookie sessions use a secret that is at least 30 chars in ↵Michael Koziarski2007-11-211-3/+17
| | | | | | length. [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Emphasize the importance of a dictionary attack-proof secret for the cookie ↵David Heinemeier Hansson2007-11-211-1/+4
| | | | | | store git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cookie session store: ensure that new sessions doesn't reuse data from a ↵Jeremy Kemper2007-03-141-0/+6
| | | | | | deleted session in the same request. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cookie session store: raise ArgumentError when :session_key is blank.Jeremy Kemper2007-03-131-1/+6
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Add a #dbman attr_reader for CGI::Session and make ↵Rick Olson2007-03-061-6/+6
| | | | | | | | CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6342 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret ↵Jeremy Kemper2007-03-031-13/+28
| | | | | | block and :digest option. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cookie store: test that >4K raises CookieOverflow and that unverifiable ↵Jeremy Kemper2007-03-031-1/+4
| | | | | | cookies are automatically deleted. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cookie session store: empty and unchanged sessions don't write a cookie.Jeremy Kemper2007-02-251-1/+2
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6226 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* CGI escape the session cookie.Jeremy Kemper2007-02-221-2/+2
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Introduce a cookie-based session store as the Rails default. Sessions ↵Jeremy Kemper2007-02-211-0/+113
typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure hash is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the hash). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de