Class: ActionController::Session::AbstractStore

Inherits:
Object
  • Object
show all
Defined in:
lib/action_controller/session/abstract_store.rb

Defined Under Namespace

Classes: SessionHash

Constant Summary collapse

ENV_SESSION_KEY = 
'rack.session'.freeze
ENV_SESSION_OPTIONS_KEY = 
'rack.session.options'.freeze

'HTTP_COOKIE'.freeze

'Set-Cookie'.freeze
DEFAULT_OPTIONS = 
{
  :key =>           '_session_id',
  :path =>          '/',
  :domain =>        nil,
  :expire_after =>  nil,
  :secure =>        false,
  :httponly =>      true,
  :cookie_only =>   true
}

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ AbstractStore

Returns a new instance of AbstractStore.



97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
# File 'lib/action_controller/session/abstract_store.rb', line 97

def initialize(app, options = {})
  # Process legacy CGI options
  options = options.symbolize_keys
  if options.has_key?(:session_path)
    ActiveSupport::Deprecation.warn "Giving :session_path to SessionStore is deprecated, " <<
      "please use :path instead", caller
    options[:path] = options.delete(:session_path)
  end
  if options.has_key?(:session_key)
    ActiveSupport::Deprecation.warn "Giving :session_key to SessionStore is deprecated, " <<
      "please use :key instead", caller
    options[:key] = options.delete(:session_key)
  end
  if options.has_key?(:session_http_only)
    ActiveSupport::Deprecation.warn "Giving :session_http_only to SessionStore is deprecated, " <<
      "please use :httponly instead", caller
    options[:httponly] = options.delete(:session_http_only)
  end

  @app = app
  @default_options = DEFAULT_OPTIONS.merge(options)
  @key = @default_options[:key]
  @cookie_only = @default_options[:cookie_only]
end

Instance Method Details

#call(env) ⇒ Object 



122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
# File 'lib/action_controller/session/abstract_store.rb', line 122

def call(env)
  session = SessionHash.new(self, env)

  env[ENV_SESSION_KEY] = session
  env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup

  response = @app.call(env)

  session_data = env[ENV_SESSION_KEY]
  options = env[ENV_SESSION_OPTIONS_KEY]

  if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
    session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)

    sid = options[:id] || generate_sid

    unless set_session(env, sid, session_data.to_hash)
      return response
    end

    cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
    cookie << "; domain=#{options[:domain]}" if options[:domain]
    cookie << "; path=#{options[:path]}" if options[:path]
    if options[:expire_after]
      expiry = Time.now + options[:expire_after]
      cookie << "; expires=#{expiry.httpdate}"
    end
    cookie << "; Secure" if options[:secure]
    cookie << "; HttpOnly" if options[:httponly]

    headers = response[1]
    unless headers[SET_COOKIE].blank?
      headers[SET_COOKIE] << "\n#{cookie}"
    else
      headers[SET_COOKIE] = cookie
    end
  end

  response
end