Module: SessionOff::ClassMethods

Defined in:
lib/session_off.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.extended(base) ⇒ Object 



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/session_off.rb', line 36

def self.extended(base)
  return if base.respond_to?(:session_options_array)
  if base.respond_to?(:class_attribute)
    base.class_attribute :session_options_array,
                         :instance_reader => false, :instance_writer => false
  else
    base.class_eval do
      def session_options_array
        read_inheritable_attribute(:session_options)
      end
      def session_options_array=(array)
        write_inheritable_array(:session_options, array)
      end
    end
  end
end

Instance Method Details

#session(*args) ⇒ Object

Specify how sessions ought to be managed for a subset of the actions on the controller. Like filters, you can specify :only and :except clauses to restrict the subset, otherwise options apply to all actions on this controller.

The session options are inheritable, as well, so if you specify them in a parent controller, they apply to controllers that extend the parent.

Usage:

# turn off session management for all actions.
session :off

# turn off session management for all actions _except_ foo and bar.
session :off, :except => %w(foo bar)

# turn off session management for only the foo and bar actions.
session :off, :only => %w(foo bar)

# the session will only work over HTTPS, but only for the foo action
session :only => :foo, :session_secure => true

# the session by default uses HttpOnly sessions for security reasons.
# this can be switched off.
session :only => :foo, :session_http_only => false

# the session will only be disabled for 'foo', and only if it is
# requested as a web service
session :off, :only => :foo,
        :if => Proc.new { |req| req.parameters[:ws] }

# the session will be disabled for non html/ajax requests
session :off,
  :if => Proc.new { |req| !(req.format.html? || req.format.js?) }

# turn the session back on, useful when it was turned off in the
# application controller, and you need it on in another controller
session :on

All session options described for ActionController::Base.process_cgi are valid arguments.



94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/session_off.rb', line 94

def session(*args)
  options = args.extract_options!

  options[:disabled] = false if args.delete(:on)
  options[:disabled] = true unless args.empty?
  options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
  options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
  if options[:only] && options[:except]
    raise ArgumentError, "only one of either :only or :except are allowed"
  end

  if session_options_array
    self.session_options_array += [ options ]
  else
    self.session_options_array  = [ options ]
  end
end

#session_options_for(request, action) ⇒ Object 



112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
# File 'lib/session_off.rb', line 112

def session_options_for(request, action)
  session_options =
    defined?(ActionController::Base.session_options) ?
      ActionController::Base.session_options.dup : {}

  if session_options_array.blank?
    session_options
  else
    options = session_options

    action = action.to_s
    session_options_array.each do |opts|
      next if opts[:if] && ! opts[:if].call(request)
      if opts[:only] && opts[:only].include?(action)
        options.merge!(opts)
      elsif opts[:except] && ! opts[:except].include?(action)
        options.merge!(opts)
      elsif ! opts[:only] && ! opts[:except]
        options.merge!(opts)
      end
    end

    options.delete(:only)
    options.delete(:except)
    options.delete(:if)
    options
  end
end