From 3ff6b00ee30d0961f57e3c4b64ec8ff0155aaf2d Mon Sep 17 00:00:00 2001 From: Lourens Naude Date: Thu, 18 Dec 2008 11:33:53 -0600 Subject: Persistent session identifier support for CookieSessionStore and API compat. with the server side stores [#1591 state:resolved] Signed-off-by: Joshua Peek --- .../action_controller/session/abstract_store.rb | 14 ++++++++ .../lib/action_controller/session/cookie_store.rb | 38 ++++++++++++++-------- 2 files changed, 39 insertions(+), 13 deletions(-) (limited to 'actionpack/lib/action_controller/session') diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb index c6dd865fad..7874ee5a28 100644 --- a/actionpack/lib/action_controller/session/abstract_store.rb +++ b/actionpack/lib/action_controller/session/abstract_store.rb @@ -21,6 +21,13 @@ module ActionController @id end + def session_id + ActiveSupport::Deprecation.warn( + "ActionController::Session::AbstractStore::SessionHash#session_id" + + "has been deprecated.Please use #id instead.", caller) + id + end + def [](key) load! unless @loaded super @@ -37,6 +44,13 @@ module ActionController h end + def data + ActiveSupport::Deprecation.warn( + "ActionController::Session::AbstractStore::SessionHash#data" + + "has been deprecated.Please use #to_hash instead.", caller) + to_hash + end + private def load! @id, session = @by.send(:load_session, @env) diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index f4089bfa8b..ce3cf354fd 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -74,17 +74,8 @@ module ActionController freeze end - class SessionHash < AbstractStore::SessionHash - private - def load! - session = @by.send(:load_session, @env) - replace(session) - @loaded = true - end - end - def call(env) - session_data = SessionHash.new(self, env) + session_data = AbstractStore::SessionHash.new(self, env) original_value = session_data.dup env[ENV_SESSION_KEY] = session_data @@ -142,17 +133,18 @@ module ActionController def load_session(env) request = Rack::Request.new(env) session_data = request.cookies[@key] - unmarshal(session_data) || {} + data = unmarshal(session_data) || persistent_session_id!({}) + [data[:session_id], data] end # Marshal a session hash into safe cookie data. Include an integrity hash. def marshal(session) - @verifier.generate(session) + @verifier.generate( persistent_session_id!(session)) end # Unmarshal cookie data to a hash and verify its integrity. def unmarshal(cookie) - @verifier.verify(cookie) if cookie + persistent_session_id!(@verifier.verify(cookie)) if cookie rescue ActiveSupport::MessageVerifier::InvalidSignature nil end @@ -195,6 +187,26 @@ module ActionController key = secret.respond_to?(:call) ? secret.call : secret ActiveSupport::MessageVerifier.new(key, digest) end + + def generate_sid + ActiveSupport::SecureRandom.hex(16) + end + + def persistent_session_id!(data) + (data ||= {}).merge!(inject_persistent_session_id(data)) + end + + def inject_persistent_session_id(data) + requires_session_id?(data) ? { :session_id => generate_sid } : {} + end + + def requires_session_id?(data) + if data + data.respond_to?(:key?) && !data.key?(:session_id) + else + true + end + end end end end -- cgit v1.2.3