aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/session_management.rb
blob: b556f04649063162cb2d20a7a5a5c041ebd58eba (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
module ActionController #:nodoc:
  module SessionManagement #:nodoc:
    def self.included(base)
      base.class_eval do
        extend ClassMethods
      end
    end

    module ClassMethods
      # Set the session store to be used for keeping the session data between requests.
      # By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),
      # but you can also specify one of the other included stores (<tt>:active_record_store</tt>,
      # <tt>:mem_cache_store</tt>, or your own custom class.
      def session_store=(store)
        if store == :active_record_store
          self.session_store = ActiveRecord::SessionStore
        else
          @@session_store = store.is_a?(Symbol) ?
            Session.const_get(store.to_s.camelize) :
            store
        end
      end

      # Returns the session store class currently used.
      def session_store
        if defined? @@session_store
          @@session_store
        else
          Session::CookieStore
        end
      end

      def session=(options = {})
        self.session_store = nil if options.delete(:disabled)
        session_options.merge!(options)
      end

      # Returns the hash used to configure the session. Example use:
      #
      #   ActionController::Base.session_options[:secure] = true # session only available over HTTPS
      def session_options
        @session_options ||= {}
      end

      def session(*args)
        ActiveSupport::Deprecation.warn(
          "Disabling sessions for a single controller has been deprecated. " +
          "Sessions are now lazy loaded. So if you don't access them, " +
          "consider them off. You can still modify the session cookie " +
          "options with request.session_options.", caller)
      end
    end
  end
end