path: root/actionpack/lib/action_controller/session
Commit message | Author | Age | Files | Lines
* Ruby 1.9 compat: move from the deprecated Base64 module to ActiveSupport::Base64. Closes #10554.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8433 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-12-18 | 2 | -11/+9
* Fix doc (closes #10526)
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8423 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2007-12-16 | 1 | -1/+1
* Introduce (in /Users/jeremy/rails/git/trunk) to output a cryptographically secure secret key for use with cookie sessions.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-12-15 | 1 | -0/+3
* Improve error messages when providing a secret that is too short. Closes #10238 [Henrik N]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Michael Koziarski | 2007-11-24 | 1 | -4/+5
* Make sure that cookie sessions use a secret that is at least 30 chars in length. [Koz]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Michael Koziarski | 2007-11-21 | 1 | -3/+17
* Emphasize the importance of a dictionary attack-proof secret for the cookie store
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2007-11-21 | 1 | -1/+4
* Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-10-14 | 1 | -15/+8
* Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. [Rick]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7725 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Rick Olson | 2007-10-03 | 1 | -1/+1
* Random hits from the style nazi
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7438 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2007-09-09 | 1 | -1/+1
* Fix failing active record store tests
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7317 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Michael Koziarski | 2007-08-14 | 1 | -1/+2
* Cookie session store: ensure that new sessions don't reuse data from a deleted session in the same request.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-03-14 | 1 | -0/+6
* Cookie session store: raise ArgumentError when :session_key is blank.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-03-13 | 1 | -1/+6
* Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret. [Rick]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6342 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Rick Olson | 2007-03-06 | 1 | -6/+6
* Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret block and :digest option.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-03-03 | 1 | -13/+28
* Cookie store: test that >4K raises CookieOverflow and that unverifiable cookies are automatically deleted.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-03-03 | 1 | -1/+4
* Cookie session store: empty and unchanged sessions don't write a cookie.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6226 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-02-25 | 1 | -1/+2
* CGI escape the session cookie.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-02-22 | 1 | -2/+2
* Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure hash is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the hash). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2007-02-21 | 1 | -0/+113
* ARStore needs a data reader method. Closes #4795.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5531 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2006-11-15 | 1 | -0/+2
* Always clear model associations from session. Closes #4795.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2006-11-13 | 2 | -0/+8
* Fix problem with unloaded ARStore sessions being loaded when they are garbage collected, causing problems if there were AR objects in the session.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3817 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jamis Buck | 2006-03-08 | 1 | -9/+14
* Major components cleanup and speedup. Closes #3527.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3563 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2006-02-09 | 1 | -1/+3
* Further improvements to reloading code
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3519 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Nicholas Seckar | 2006-02-02 | 1 | -5/+0
* If included_modules doesn't take a parameter, we shouldn't either
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3509 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2006-02-01 | 1 | -1/+1
* Fix Syntax problems which were preventing webrick from starting
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3508 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Michael Koziarski | 2006-02-01 | 1 | -1/+1
* ActiveRecordStore::Session shouldn't be reloadable
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3506 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2006-02-01 | 1 | -0/+5
* Added the possibility to specify automatic expiration for the memcached session container (closes #3571) [Stefan Kaes]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3465 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2006-01-22 | 1 | -12/+18
* Add session ID to default logging, but remove the verbose description of every step [DHH]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3334 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-12-22 | 1 | -15/+0
* Make data writer private. Marshal/unmarshal handle nil.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3108 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-11-20 | 1 | -8/+8
* Log ActiveRecordStore debugging.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3107 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-11-20 | 1 | -0/+19
* r3173@asus: jeremy | 2005-11-18 23:34:41 -0800
  Ticket 2731 - sessions
  r3185@asus: jeremy | 2005-11-19 18:02:51 -0800
  eliminate const redefinition warning
  r3186@asus: jeremy | 2005-11-19 19:25:50 -0800
  Use :database option instead of :dbfile
  r3187@asus: jeremy | 2005-11-19 19:34:31 -0800
  Data writer assigns to instance var. Since nothing is calling write_attribute on the data column except for marshal_data, simplify data reader to lazy-unmarshal the data column (no worrying whether it's already unmarshaled)
  r3188@asus: jeremy | 2005-11-19 19:35:40 -0800
  Explicitly create the session class so that subsequent requests for the session can find it in the database. This is masking a problem with the controller losing its @session instance var and therefore requesting a new session.
  r3189@asus: jeremy | 2005-11-19 19:36:40 -0800
  Using create unnecessarily broadens the existing duck-typing so use new + save instead.
  r3194@asus: jeremy | 2005-11-19 20:28:17 -0800
  Test creation of another instance while first instance is still active. Should return same session_id.
  r3195@asus: jeremy | 2005-11-19 20:39:45 -0800
  Always create new AR sessions rather than trying too hard to avoid database traffic. References #2731.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3100 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-11-20 | 1 | -9/+4
* CGI::Session::ActiveRecordStore.data_column_name = 'foobar' to use a different session data column than the 'data' default. References #2731. Remove error-prone method_missing passthrough to session model. Cleanup.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2944 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-11-09 | 1 | -40/+51
* Remove fingerprinting from AR session store; fix bug in store. Closes #2612
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2754 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Nicholas Seckar | 2005-10-26 | 1 | -29/+18
* Expose the session model backing CGI::Session
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2696 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-10-20 | 1 | -0/+15
* Use the more appropriate columns_hash to get the session data column size limit.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2663 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Marcel Molina | 2005-10-17 | 1 | -1/+1
* Allow ARStore::Session to indicate that it should not be reloaded in dev mode
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2627 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jamis Buck | 2005-10-15 | 1 | -0/+5
* Raise an exception if an attempt is made to insert more session data into the ActiveRecordStore data column than the column can hold. Closes #2234.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2612 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Marcel Molina | 2005-10-15 | 1 | -4/+28
* Added small note about how longtext might be needed for large session data
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2275 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-09-20 | 1 | -2/+3
* Use session_id instead of deprecated sessid
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2221 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-09-12 | 1 | -1/+0
* r2932@asus: jeremy | 2005-07-08 14:21:36 -0700
  Silence find_by_session_id also.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1771 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-08 | 1 | -4/+4
* r2866@asus: jeremy | 2005-07-05 13:23:10 -0700
  Silence ARStore session activity in the logs.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1711 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-05 | 1 | -4/+7
* r2850@asus: jeremy | 2005-07-05 13:08:32 -0700
  Don't be strict about the order in which AR store methods are called. Allow e.g. session close followed by session close.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1710 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-05 | 1 | -6/+10
* r2837@asus: jeremy | 2005-07-05 00:34:31 -0700
  Don't restrict sessid compat. check to a single run. Reset cached column info before checking in case it's stale (may happen if you change table_name). Make the test a private class method.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1693 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-05 | 1 | -20/+19
* r2810@asus: jeremy | 2005-07-04 19:29:54 -0700
  correct marshaling and fingerprinting logic
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1682 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-04 | 1 | -8/+23
* r2807@asus: jeremy | 2005-07-04 18:15:18 -0700
  Fingerprint the marshaled data.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1679 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-04 | 1 | -22/+22
* r2790@asus: jeremy | 2005-07-04 16:30:58 -0700
  smart active record session class. session class is pluggable; a basic SqlBypass class is provided. set CGI::Session::ActiveRecordStore.session_class = SqlBypass and set SqlBypass.connection = SomeARConnection. Further tests pending.
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1671 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  Jeremy Kemper | 2005-07-04 | 1 | -52/+232
* Changed ActiveRecordStore to use Marshal instead of YAML as the latter proved troublesome in persisting circular dependencies. Updating existing applications MUST clear their existing session table from data to start using this updated store #739 [Jamis Buck]
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@866 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-03-06 | 1 | -10/+23
* Fixed the verbosity of using the AR store
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@639 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-02-17 | 1 | -3/+5
* Make the store less verbose when saving the session data
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@529 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-02-07 | 1 | -1/+1
* Fixed documentation snafus #575, #576, #577, #585
  git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@525 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  David Heinemeier Hansson | 2005-02-07 | 1 | -2/+2