Class: Merb::CookieSession
- Inherits:
-
SessionContainer
- Object
- Mash
- SessionContainer
- Merb::CookieSession
- Defined in:
- lib/merb-core/dispatch/session/cookie.rb
Overview
If you have more than 4K of session data or don’t want your data to be visible to the user, pick another session store.
CookieOverflow is raised if you attempt to store more than 4K of data. TamperedWithCookie is raised if the data integrity check fails.
A message digest is included with the cookie to ensure data integrity: a user cannot alter session data without knowing the secret key included in the hash.
To use Cookie Sessions, set in config/merb.yml
:session_secret_key - your secret digest key
:session_store: cookie
Defined Under Namespace
Classes: CookieOverflow, TamperedWithCookie
Constant Summary collapse
- MAX =
Cookies can typically store 4096 bytes.
4096
- DIGEST =
or MD5, RIPEMD160, SHA256?
OpenSSL::Digest::Digest.new('SHA1')
Instance Attribute Summary collapse
-
#_original_session_data ⇒ Object
Returns the value of attribute _original_session_data.
Attributes inherited from SessionContainer
#needs_new_cookie, #session_id
Class Method Summary collapse
-
.generate ⇒ Object
Generates a new session ID and creates a new session.
-
.setup(request) ⇒ Object
Set up a new session on request: make it available on request instance.
Instance Method Summary collapse
-
#finalize(request) ⇒ Object
Teardown and/or persist the current session.
-
#initialize(session_id, cookie, secret) ⇒ CookieSession
constructor
Parameters session_id<String>:: A unique identifier for this session.
-
#regenerate ⇒ Object
Regenerate the session_id.
-
#to_cookie ⇒ Object
Create the raw cookie string; includes an HMAC keyed message digest.
Methods inherited from SessionContainer
Constructor Details
#initialize(session_id, cookie, secret) ⇒ CookieSession
Parameters
- session_id<String>
-
A unique identifier for this session.
- cookie<String>
-
The raw cookie data.
- secret<String>
-
A session secret.
Raises
- ArgumentError
-
Nil or blank secret.
71 72 73 74 75 76 77 78 79 80 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 71 def initialize(session_id, , secret) super session_id if secret.blank? || secret.length < 16 msg = "You must specify a session_secret_key in your init file, and it must be at least 16 characters" Merb.logger.warn(msg) raise ArgumentError, msg end @secret = secret self.update(unmarshal()) end |
Instance Attribute Details
#_original_session_data ⇒ Object
Returns the value of attribute _original_session_data.
33 34 35 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 33 def _original_session_data @_original_session_data end |
Class Method Details
.generate ⇒ Object
Generates a new session ID and creates a new session.
Returns
- SessionContainer
-
The new session.
43 44 45 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 43 def generate self.new(Merb::SessionMixin.rand_uuid, "", Merb::Request._session_secret_key) end |
.setup(request) ⇒ Object
Set up a new session on request: make it available on request instance.
Parameters
- request<Merb::Request>
-
The Merb::Request that came in from Rack.
Returns
- SessionContainer
-
a SessionContainer. If no sessions were found,
a new SessionContainer will be generated.
55 56 57 58 59 60 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 55 def setup(request) session = self.new(Merb::SessionMixin.rand_uuid, request., request._session_secret_key) session._original_session_data = session. request.session = session end |
Instance Method Details
#finalize(request) ⇒ Object
Teardown and/or persist the current session.
If @_destroy is true, clear out the session completely, including removal of the session cookie itself.
Parameters
- request<Merb::Request>
-
request object created from Rack environment.
89 90 91 92 93 94 95 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 89 def finalize(request) if @_destroy request. elsif _original_session_data != (new_session_data = self.) request.(new_session_data) end end |
#regenerate ⇒ Object
Regenerate the session_id.
98 99 100 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 98 def regenerate self.session_id = Merb::SessionMixin.rand_uuid end |
#to_cookie ⇒ Object
Create the raw cookie string; includes an HMAC keyed message digest.
Returns
- String
-
Cookie value.
Raises
- CookieOverflow
-
More than 4K of data put into session.
Notes
Session data is converted to a Hash first, since a container might choose to marshal it, which would make it persist attributes like ‘needs_new_cookie’, which it shouldn’t.
114 115 116 117 118 119 120 121 122 123 124 125 |
# File 'lib/merb-core/dispatch/session/cookie.rb', line 114 def unless self.empty? data = self.serialize value = Merb::Request.escape "#{data}--#{generate_digest(data)}" if value.size > MAX msg = "Cookies have limit of 4K. Session contents: #{data.inspect}" Merb.logger.error!(msg) raise CookieOverflow, msg end value end end |