Class: Cyberweb::CGI::Session

Inherits:

Object

• Object
• Cyberweb::CGI::Session

Defined in:

lib/cyberweb/cgi/session.rb,
lib/cyberweb/cgi/session/pstore.rb,
lib/cyberweb/cgi/session/file_store.rb,
lib/cyberweb/cgi/session/memory_store.rb

Overview

Cyberweb::CGI::Session

Defined Under Namespace

Classes: FileStore, MemoryStore, NoSession, NullStore, PStore

Instance Attribute Summary

• #new_session ⇒ Object readonly

  # The id of this session.

• #session_id ⇒ Object readonly

  # The id of this session.

Class Method Summary

• .callback(dbman) ⇒ Object

  # === CGI::Session.callback ======================================================================= #.

Instance Method Summary

• #[](key) ⇒ Object

  # === [].

• #[]=(key, val) ⇒ Object

  # === []=.

• #close ⇒ Object

  # === close.

• #delete ⇒ Object

  # === delete.

• #initialize(request, option = {}) ⇒ Session constructor

  # Create a new CGI::Session object for request.

• #update ⇒ Object

  # === update.

Constructor Details

#initialize(request, option = {}) ⇒ Session

#

Create a new CGI::Session object for request.

request is an instance of the CGI class (see cgi.rb). option is a hash of options for initialising this CGI::Session instance. The following options are recognised:

session_key

the parameter name used for the session id. Defaults to ‘_session_id’.

session_id

the session id to use. If not provided, then it is retrieved from the session_key parameter of the request, or automatically generated for a new session.

new_session

if true, force creation of a new session. If not set, a new session is only created if none currently exists. If false, a new session is never created, and if none currently exists and the session_id option is not set, an ArgumentError is raised.

database_manager

the name of the class providing storage facilities for session state persistence. Built-in support is provided for FileStore (the default), MemoryStore, and PStore (from cgi/session/pstore.rb). See the documentation for these classes for more details.

The following options are also recognised, but only apply if the session id is stored in a cookie.

session_expires

the time the current session expires, as a Time object. If not set, the session will terminate when the user’s browser is closed.

session_domain

the hostname domain for which this session is valid. If not set, defaults to the hostname of the server.

session_secure

if true, this session will only work over HTTPS.

session_path

the path for which this session applies. Defaults to the directory of the CGI script.

option is also passed on to the session storage class initializer; see the documentation for each session storage class for the options they support.

The retrieved or created session is automatically added to request as a cookie, and also to its output_hidden table, which is used to add hidden input elements to forms.

WARNING the output_hidden fields are surrounded by a <fieldset> tag in HTML 4 generation, which is not invisible on many browsers; you may wish to disable the use of fieldsets with code similar to the following (see blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/37805)

cgi = CGI.new("html4")
class << cgi
  undef_method :fieldset
end

#

# File 'lib/cyberweb/cgi/session.rb', line 270

def initialize(request, option = {})
  @new_session = false
  session_key = option['session_key'] || '_session_id'
  session_id = option['session_id']
  unless session_id
    if option['new_session']
      session_id = create_new_id
      @new_session = true
    end
  end
  unless session_id
    if request.key?(session_key)
      session_id = request[session_key]
      session_id = session_id.read if session_id.respond_to?(:read)
    end
    unless session_id
      session_id, = request.cookies[session_key]
    end
    unless session_id
      unless option.fetch('new_session', true)
        raise ArgumentError, "session_key `%s' should be supplied" % session_key
      end
      session_id = create_new_id
      @new_session = true
    end
  end
  @session_id = session_id
  dbman = option['database_manager'] || FileStore
  begin
    @dbman = dbman::new(self, option)
  rescue NoSession
    unless option.fetch('new_session', true)
      raise ArgumentError, "invalid session_id `%s'"%session_id
    end
    session_id = @session_id = create_new_id unless session_id
    @new_session=true
    retry
  end
  request.instance_eval {
    @output_hidden  = {session_key => session_id} unless option['no_hidden']
    @output_cookies = [
      Cookie.new('name' => session_key,
        'value'   => session_id,
        'expires' => option['session_expires'],
        'domain'  => option['session_domain'],
        'secure'  => option['session_secure'],
        'path'    =>
      if option['session_path']
        option['session_path']
      elsif ENV['SCRIPT_NAME']
        File.dirname(ENV['SCRIPT_NAME'])
      else
        ''
      end)
    ] unless option['no_cookies']
  }
  @dbprot = [@dbman]
  ObjectSpace.define_finalizer(self, Session.callback(@dbprot))
end

Instance Attribute Details

#new_session ⇒ Object (readonly)

#

The id of this session.

#

# File 'lib/cyberweb/cgi/session.rb', line 174

def new_session
  @new_session
end

#session_id ⇒ Object (readonly)

#

The id of this session.

#

# File 'lib/cyberweb/cgi/session.rb', line 174

def session_id
  @session_id
end

Class Method Details

.callback(dbman) ⇒ Object

#

CGI::Session.callback

#

# File 'lib/cyberweb/cgi/session.rb', line 179

def self.callback(dbman)
  Proc.new {
    dbman.first.close unless dbman.empty?
  }
end

Instance Method Details

#[](key) ⇒ Object

#

[]

Retrieve the session data for the key key.

#

# File 'lib/cyberweb/cgi/session.rb', line 335

def [](key)
  @data ||= @dbman.restore
  @data[key]
end

#[]=(key, val) ⇒ Object

#

[]=

Set the session data for key key.

#

# File 'lib/cyberweb/cgi/session.rb', line 345

def []=(key, val)
  @write_lock ||= true
  @data ||= @dbman.restore
  @data[key] = val
end

#close ⇒ Object

#

close

Store session data on the server and close the session storage. For some session storage types, this is a no-op.

#

# File 'lib/cyberweb/cgi/session.rb', line 367

def close
  @dbman.close
  @dbprot.clear
end

#delete ⇒ Object

#

delete

Delete the session from storage. Also closes the storage.

Note that the session’s data is not automatically deleted upon the session expiring.

#

# File 'lib/cyberweb/cgi/session.rb', line 380

def delete
  @dbman.delete
  @dbprot.clear
end

#update ⇒ Object

#

update

Store session data on the server. For some session storage types, this is a no-op.

#

# File 'lib/cyberweb/cgi/session.rb', line 357

def update
  @dbman.update
end