From b23ffd0dac895aa3fd3afd8d9be36794941731b2 Mon Sep 17 00:00:00 2001
From: Lukasz Sarnacki <lukesarnacki@gmail.com>
Date: Fri, 10 Jan 2014 12:57:50 +0100
Subject: Allow session serializer key in config.session_store

MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.

There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.

Default :json_serializer was also added to generators to provide secure
defalt.
---
 railties/lib/rails/application.rb                                      | 3 ++-
 .../rails/app/templates/config/initializers/session_store.rb.tt        | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 05acd78d98..36432e56ba 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -205,7 +205,8 @@ module Rails
           "action_dispatch.http_auth_salt" => config.action_dispatch.http_auth_salt,
           "action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
           "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
-          "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt
+          "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
+          "action_dispatch.session_serializer" => config.session_options[:serializer]
         })
       end
     end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
index 2bb9b82c61..923d423287 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: <%= "'_#{app_name}_session'" %>
+Rails.application.config.session_store :cookie_store, key: <%= "'_#{app_name}_session'" %>, serializer: :json_serializer
-- 
cgit v1.2.3