Class: ActionController::Session::AbstractStore

Inherits:
Object
  • Object
Includes:
SessionUtils
Defined in:
lib/action_controller/session/abstract_store.rb

Defined Under Namespace

Modules: SessionUtils Classes: OptionsHash, SessionHash

Constant Summary

ENV_SESSION_KEY =
'rack.session'.freeze
ENV_SESSION_OPTIONS_KEY =
'rack.session.options'.freeze
HTTP_COOKIE =
'HTTP_COOKIE'.freeze
SET_COOKIE =
'Set-Cookie'.freeze
# Baseline session-cookie settings. #initialize merges caller-supplied options
# over these, so every value here can be overridden per application.
DEFAULT_OPTIONS = {
  # Cookie name; #initialize copies it to @key and #call uses it for Set-Cookie.
  :key => '_session_id',
  # Cookie path attribute.
  :path => '/',
  # Cookie domain attribute; nil leaves it unset.
  :domain => nil,
  # Lifetime in seconds; nil means #call adds no :expires to the cookie.
  :expire_after => nil,
  # false by default: #call will issue the session cookie on plain-HTTP
  # requests. HTTPS-only deployments should pass :secure => true.
  :secure => false,
  # Passed through to the cookie attributes by #call (HttpOnly flag).
  :httponly => true,
  # Stored as @cookie_only by #initialize; where it is enforced is outside
  # this listing -- presumably it restricts the session id to cookies (confirm).
  :cookie_only => true
}

Instance Method Summary

Constructor Details

#initialize(app, options = {}) ⇒ AbstractStore

Returns a new instance of AbstractStore.



# File 'lib/action_controller/session/abstract_store.rb', line 150

# Builds the session middleware around +app+.
#
# app     - the next Rack application in the stack.
# options - Hash of session/cookie settings (string or symbol keys). It is
#           merged over DEFAULT_OPTIONS, so a caller-supplied value always
#           wins; passing e.g. :httponly => false or :cookie_only => false
#           here replaces the default for the whole application.
#
# The legacy CGI-era names :session_path, :session_key and
# :session_http_only are still accepted, but each triggers a deprecation
# warning and is rewritten to :path, :key and :httponly respectively.
def initialize(app, options = {})
  # Work on a symbol-keyed copy so the lookups below see both key styles.
  options = options.symbolize_keys

  # Each translation stays inline (not in a block or helper) so that `caller`
  # still reports the stack of whoever instantiated the store.
  if options.key?(:session_path)
    ActiveSupport::Deprecation.warn(
      "Giving :session_path to SessionStore is deprecated, please use :path instead", caller)
    options[:path] = options.delete(:session_path)
  end

  if options.key?(:session_key)
    ActiveSupport::Deprecation.warn(
      "Giving :session_key to SessionStore is deprecated, please use :key instead", caller)
    options[:key] = options.delete(:session_key)
  end

  if options.key?(:session_http_only)
    ActiveSupport::Deprecation.warn(
      "Giving :session_http_only to SessionStore is deprecated, please use :httponly instead", caller)
    options[:httponly] = options.delete(:session_http_only)
  end

  @app = app
  @default_options = DEFAULT_OPTIONS.merge(options)
  # Cache the two settings that are read on their own elsewhere in the class.
  @key, @cookie_only = @default_options.values_at(:key, :cookie_only)
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/action_controller/session/abstract_store.rb', line 175

# Rack entry point: runs the wrapped application, then persists the session
# and, when needed, attaches the session cookie to the response.
#
# env - the Rack environment Hash.
#
# Returns the downstream response, with a Set-Cookie header added when a
# session id has to be sent (or refreshed) to the client.
def call(env)
  prepare!(env)
  response = @app.call(env)

  session_data = env[ENV_SESSION_KEY]
  options = env[ENV_SESSION_OPTIONS_KEY]
  lazy_session = session_data.is_a?(AbstractStore::SessionHash)

  # A SessionHash that was never loaded, with no expiry to refresh, needs no
  # write and no cookie.
  return response if lazy_session && !session_data.loaded? && !options[:expire_after]

  request = ActionController::Request.new(env)

  # With :secure set, a non-SSL request gets neither a store write nor a
  # cookie, so the session id is never issued over plain HTTP.
  return response if options[:secure] && !request.ssl?

  # Reached with an unloaded SessionHash only when :expire_after is set.
  session_data.send(:load!) if lazy_session && !session_data.loaded?

  # An id already present in the options is reused as-is; this method never
  # rotates it. NOTE(review): where options[:id] is populated is outside this
  # listing -- confirm that the application resets the session on
  # authentication so a pre-login id is not carried over.
  sid = options[:id] || generate_sid

  # No cookie is sent if the backing store did not accept the write.
  return response unless set_session(env, sid, session_data.to_hash)

  request_cookies = env["rack.request.cookie_hash"]
  cookie_missing_or_stale = request_cookies.nil? || request_cookies[@key] != sid

  # Send the cookie when the client does not already hold this id, and on
  # every response when :expire_after is set (sliding expiry).
  if cookie_missing_or_stale || options[:expire_after]
    cookie = { :value => sid }
    if options[:expire_after]
      cookie[:expires] = Time.now + options[:expire_after]
    end
    # The session options (:path, :domain, :secure, :httponly, ...) become the
    # cookie attributes. They are merged last, so a :value or :expires key in
    # options would override the ones set just above.
    Rack::Utils.set_cookie_header!(response[1], @key, cookie.merge(options))
  end

  response
end