Class: ActionController::Session::AbstractStore

Inherits:
Object
  • Object
show all
Defined in:
lib/action_controller/session/abstract_store.rb

Defined Under Namespace

Classes: SessionHash

Constant Summary collapse

ENV_SESSION_KEY =
'rack.session'.freeze
ENV_SESSION_OPTIONS_KEY =
'rack.session.options'.freeze
'HTTP_COOKIE'.freeze
'Set-Cookie'.freeze
DEFAULT_OPTIONS =
{
  :key =>           '_session_id',
  :path =>          '/',
  :domain =>        nil,
  :expire_after =>  nil,
  :secure =>        false,
  :httponly =>      true,
  :cookie_only =>   true
}

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ AbstractStore

Returns a new instance of AbstractStore.



97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/action_controller/session/abstract_store.rb', line 97

def initialize(app, options = {})
  # Process legacy CGI options
  options = options.symbolize_keys
  if options.has_key?(:session_path)
    options[:path] = options.delete(:session_path)
  end
  if options.has_key?(:session_key)
    options[:key] = options.delete(:session_key)
  end
  if options.has_key?(:session_http_only)
    options[:httponly] = options.delete(:session_http_only)
  end

  @app = app
  @default_options = DEFAULT_OPTIONS.merge(options)
  @key = @default_options[:key]
  @cookie_only = @default_options[:cookie_only]
end

Instance Method Details

#call(env) ⇒ Object



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# File 'lib/action_controller/session/abstract_store.rb', line 116

def call(env)
  session = SessionHash.new(self, env)

  env[ENV_SESSION_KEY] = session
  env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup

  response = @app.call(env)

  session_data = env[ENV_SESSION_KEY]
  options = env[ENV_SESSION_OPTIONS_KEY]

  if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
    session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)

    sid = options[:id] || generate_sid

    unless set_session(env, sid, session_data.to_hash)
      return response
    end

    cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
    cookie << "; domain=#{options[:domain]}" if options[:domain]
    cookie << "; path=#{options[:path]}" if options[:path]
    if options[:expire_after]
      expiry = Time.now + options[:expire_after]
      cookie << "; expires=#{expiry.httpdate}"
    end
    cookie << "; Secure" if options[:secure]
    cookie << "; HttpOnly" if options[:httponly]

    headers = response[1]
    unless headers[SET_COOKIE].blank?
      headers[SET_COOKIE] << "\n#{cookie}"
    else
      headers[SET_COOKIE] = cookie
    end
  end

  response
end