Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixed session ID fixation for ActiveRecord::SessionStore | Joseph Wong | 2011-07-12 | 1 | -0/+31 |
| | I have found that Rails will take an invalid session ID specified by the client and materialize a session based on that session ID. This means that it is possible, among other things, for a client to use an arbitrarily weak session ID or for a client to resurrect a previously used session ID. In other words, we cannot guarantee that all session IDs are generated by the server and that they are (statistically) unique through time. The fix is to always generate a new session ID in #get_session if an existing session cannot be found under the incoming session ID. Also added new tests that make sure that an invalid session ID is never materialized into a new session, regardless of whether it comes in via a cookie or a URL parameter (when :cookie_only => false). | ||||
* | Ensure calling reset session twice does not raise errors. | José Valim | 2010-11-20 | 1 | -0/+12 |
| | |||||
* | Allow AR Session Store to be renewed | José Valim | 2010-11-11 | 1 | -0/+20 |
| | |||||
* | Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -1/+1 |
| | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController. | ||||
* | Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 1 | -1/+1 |
| | |||||
* | Make sure that Rails doesn't resend session_id cookie over and over again if it's already there [#2485 state:resolved] | Prem Sichanugrist | 2010-06-25 | 1 | -0/+12 |
| | This applies only to Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Sessions should not be created until written to and session data should be destroyed on reset. [#4938] | Michael Lovitt | 2010-06-23 | 1 | -2/+33 |
| | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. | José Valim | 2010-05-18 | 1 | -1/+7 |
| | |||||
* | Use new routing dsl in tests | Joshua Peek | 2009-12-08 | 1 | -1/+1 |
| | |||||
* | Add custom "with_routing" to internal tests to fix resetting session after using | Joshua Peek | 2009-10-03 | 1 | -1/+0 |
| | with_routing. This only affects our internal AP tests. | ||||
* | Allow integration test rack app to be set with "@app" ivar instead of using open_session | Joshua Peek | 2009-09-26 | 1 | -8/+5 |
| | |||||
* | Clean up session integration tests so they don't reference AC::Dispatcher | Joshua Peek | 2009-09-26 | 1 | -21/+6 |
| | |||||
* | Need to reset session for AR session tests after altering the route set | Joshua Peek | 2009-09-06 | 1 | -0/+1 |
| | |||||
* | Reset session in integration tests after changing routes to reload the middleware stack | Joshua Peek | 2009-08-27 | 1 | -11/+14 |
| | |||||
* | Revert "Only save the session if we're actually writing to it [#2703 state:resolved]" | Joshua Peek | 2009-05-30 | 1 | -22/+0 |
| | This reverts commit dd98280e38d640f5724887cf8a715b79f0439d2d. | ||||
* | Only save the session if we're actually writing to it [#2703 state:resolved] | Johan Sörensen | 2009-05-28 | 1 | -0/+22 |
| | Signed-off-by: Joshua Peek <josh@joshpeek.com> | ||||
* | Fix reset_session with ActiveRecord store [#2200 state:resolved] | Joshua Peek | 2009-05-17 | 1 | -3/+3 |
| | |||||
* | Make it clearer that session is nil | Jeremy Kemper | 2009-04-26 | 1 | -0/+1 |
| | |||||
* | Ensure SqlBypass use ActiveRecord::Base connection | Luca Guidi | 2009-04-05 | 1 | -17/+28 |
| | Signed-off-by: Michael Koziarski <michael@koziarski.com> [#https://rails.lighthouseapp.com/attachments/106066/0001-Ensure-SqlBypass-use-ActiveRecord-Base-connection.patch state:committed] | ||||
* | reset_session should force a new session id to be generated [#2173] | Joshua Peek | 2009-03-09 | 1 | -0/+25 |
| | |||||
* | Fixed reset_session for ActiveRecord session store [#2108 state:resolved] | Joshua Peek | 2009-03-03 | 1 | -0/+21 |
| | |||||
* | Switch to Rack based session stores. | Joshua Peek | 2008-12-15 | 1 | -107/+95 |
| | |||||
* | Use autoload instead of explicit requires for ActionController | Joshua Peek | 2008-11-23 | 1 | -1/+0 |
| | |||||
* | require abstract_unit directly since test is in load path | Jeremy Kemper | 2008-01-05 | 1 | -2/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Ruby 1.9 compat: move from the deprecated Base64 module to ActiveSupport::Base64. Closes #10554. | Jeremy Kemper | 2007-12-18 | 1 | -1/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8433 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fixed spelling errors (closes #9706) [tarmo/rmm5t] | David Heinemeier Hansson | 2007-09-28 | 1 | -1/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7666 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Use a consistent load path to avoid double requires. Fix some scattered Ruby warnings. | Jeremy Kemper | 2007-01-28 | 1 | -1/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6057 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | use ActiveRecordTestCase | Jeremy Kemper | 2006-09-22 | 1 | -2/+2 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5162 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Clean up and run the Active Record integration tests by default. Closes #5854. | Jeremy Kemper | 2006-08-22 | 1 | -34/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4807 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Clean up and run the Active Record integration tests by default. | Jeremy Kemper | 2006-08-22 | 1 | -0/+1 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4804 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Fix problem with unloaded ARStore sessions being loaded when they are garbage collected, causing problems if there were AR objects in the session. | Jamis Buck | 2006-03-08 | 1 | -0/+22 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3817 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Major components cleanup and speedup. Closes #3527. | Jeremy Kemper | 2006-02-09 | 1 | -4/+5 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3563 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||
* | Move active_record_store_test.rb to test/activerecord/. Closes #3790. | Jeremy Kemper | 2006-02-09 | 1 | -0/+151 |
| | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3556 5ecf4fe2-1ee6-0310-87b1-e25e094e27de | ||||