Class: ActionController::CgiRequest

Inherits:

AbstractRequest

• Object
• AbstractRequest
• ActionController::CgiRequest

Defined in:

lib/action_controller/cgi_process.rb

Overview

:nodoc:

Defined Under Namespace

Classes: SessionFixationAttempt

Constant Summary

DEFAULT_SESSION_OPTIONS =

{
  :database_manager => CGI::Session::CookieStore, # store data in cookie
  :prefix           => "ruby_sess.",    # prefix session file names
  :session_path     => "/",             # available to all paths in app
  :session_key      => "_session_id",
  :cookie_only      => true,
  :session_http_only=> true
}

Constants inherited from AbstractRequest

AbstractRequest::HTTP_METHODS, AbstractRequest::HTTP_METHOD_LOOKUP, AbstractRequest::TRUSTED_PROXIES

Instance Attribute Summary

• #cgi ⇒ Object

  Returns the value of attribute cgi.

• #session_options ⇒ Object

  Returns the value of attribute session_options.

Attributes inherited from AbstractRequest

#env

Instance Method Summary

• #body_stream ⇒ Object

  :nodoc:.

• #cookies ⇒ Object
• #initialize(cgi, session_options = {}) ⇒ CgiRequest constructor

  A new instance of CgiRequest.

• #method_missing(method_id, *arguments) ⇒ Object
• #query_string ⇒ Object
• #reset_session ⇒ Object
• #session ⇒ Object

Methods inherited from AbstractRequest

#accepts, #body, #cache_format, clean_up_ajax_request_body!, #content_length, #content_type, #delete?, #domain, #etag_matches?, extract_content_type_without_parameters, extract_multipart_boundary, #format, #format=, #fresh?, #get?, #head?, #headers, #host, #host_with_port, #if_modified_since, #if_none_match, #method, #not_modified?, #parameters, parse_multipart_form_parameters, parse_query_parameters, parse_request_parameters, #path, #path_parameters, #path_parameters=, #port, #port_string, #post?, #protocol, #put?, #query_parameters, #raw_host_with_port, #raw_post, #referrer, relative_url_root=, #remote_addr, #remote_ip, #request_method, #request_parameters, #request_uri, #server_software, #session=, #ssl?, #standard_port, #subdomains, #symbolized_path_parameters, #template_format, #url, #xml_http_request?

Constructor Details

#initialize(cgi, session_options = {}) ⇒ CgiRequest

Returns a new instance of CgiRequest.

# File 'lib/action_controller/cgi_process.rb', line 49

def initialize(cgi, session_options = {})
  @cgi = cgi
  @session_options = session_options
  @env = @cgi.__send__(:env_table)
  super()
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method_id, *arguments) ⇒ Object

# File 'lib/action_controller/cgi_process.rb', line 110

def method_missing(method_id, *arguments)
  @cgi.__send__(method_id, *arguments) rescue super
end

Instance Attribute Details

#cgi ⇒ Object

Returns the value of attribute cgi.

# File 'lib/action_controller/cgi_process.rb', line 36

def cgi
  @cgi
end

#session_options ⇒ Object

Returns the value of attribute session_options.

# File 'lib/action_controller/cgi_process.rb', line 36

def session_options
  @session_options
end

Instance Method Details

#body_stream ⇒ Object

:nodoc:

# File 'lib/action_controller/cgi_process.rb', line 65

def body_stream #:nodoc:
  @cgi.stdinput
end

#cookies ⇒ Object

# File 'lib/action_controller/cgi_process.rb', line 69

def cookies
  @cgi.cookies.freeze
end

#query_string ⇒ Object

# File 'lib/action_controller/cgi_process.rb', line 56

def query_string
  qs = @cgi.query_string if @cgi.respond_to?(:query_string)
  if !qs.blank?
    qs
  else
    super
  end
end

#reset_session ⇒ Object

# File 'lib/action_controller/cgi_process.rb', line 105

def reset_session
  @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
  @session = new_session
end

#session ⇒ Object

# File 'lib/action_controller/cgi_process.rb', line 73

def session
  unless defined?(@session)
    if @session_options == false
      @session = Hash.new
    else
      stale_session_check! do
        if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
          raise SessionFixationAttempt
        end
        case value = session_options_with_string_keys['new_session']
          when true
            @session = new_session
          when false
            begin
              @session = CGI::Session.new(@cgi, session_options_with_string_keys)
            # CGI::Session raises ArgumentError if 'new_session' == false
            # and no session cookie or query param is present.
            rescue ArgumentError
              @session = Hash.new
            end
          when nil
            @session = CGI::Session.new(@cgi, session_options_with_string_keys)
          else
            raise ArgumentError, "Invalid new_session option: #{value}"
        end
        @session['__valid_session']
      end
    end
  end
  @session
end