Class: Merb::CookieSession

Inherits:

Object

• Object
• Merb::CookieSession

Defined in:

lib/merb-core/dispatch/session/cookie.rb

Overview

If you have more than 4K of session data or don’t want your data to be visible to the user, pick another session store.

CookieOverflow is raised if you attempt to store more than 4K of data. TamperedWithCookie is raised if the data integrity check fails.

A message digest is included with the cookie to ensure data integrity: a user cannot alter session data without knowing the secret key included in the hash.

To use Cookie Sessions, set in config/merb.yml

:session_secret_key - your secret digest key
:session_store: cookie

Defined Under Namespace

Classes: CookieOverflow, TamperedWithCookie

Constant Summary

MAX =

Cookies can typically store 4096 bytes.

4096

DIGEST =

or MD5, RIPEMD160, SHA256?

OpenSSL::Digest::Digest.new('SHA1')

Instance Attribute Summary

• #data ⇒ Object readonly

  Returns the value of attribute data.

Instance Method Summary

• #[](k) ⇒ Object

  Parameters k<~to_s>:: The key of the session parameter to retrieve.

• #[]=(k, v) ⇒ Object

  Parameters k<~to_s>:: The key of the session parameter to set.

• #delete ⇒ Object

  Deletes the session by emptying stored data.

• #each(&b) ⇒ Object

  Yields the session data to an each block.

• #initialize(cookie, secret) ⇒ CookieSession constructor

  Parameters cookie<String>:: The cookie.

• #read_cookie ⇒ Object

  Returns String:: Cookie value.

Constructor Details

#initialize(cookie, secret) ⇒ CookieSession

Parameters

cookie<String>

The cookie.

secret<String>

A session secret.

Raises

ArgumentError

Nil or blank secret.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 72

def initialize(cookie, secret)
  if secret.nil? or secret.blank?
    raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data.'
  end
  @secret = secret
  @data = unmarshal(cookie) || Hash.new
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(name, *args, &block) ⇒ Object (private)

Attempts to redirect any messages to the data object.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 125

def method_missing(name, *args, &block)
  @data.send(name, *args, &block)
end

Instance Attribute Details

#data ⇒ Object (readonly)

Returns the value of attribute data.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 64

def data
  @data
end

Instance Method Details

#[](k) ⇒ Object

Parameters

k<~to_s>

The key of the session parameter to retrieve.

Returns

String

The value of the session parameter.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 105

def [](k) 
  @data[k] 
end

#[]=(k, v) ⇒ Object

Parameters

k<~to_s>

The key of the session parameter to set.

v<~to_s>

The value of the session parameter to set.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 96

def []=(k, v) 
  @data[k] = v
end

#delete ⇒ Object

Deletes the session by emptying stored data.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 118

def delete  
  @data = {} 
end

#each(&b) ⇒ Object

Yields the session data to an each block.

Parameter

&b

The block to pass to each.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 113

def each(&b) 
  @data.each(&b) 
end

#read_cookie ⇒ Object

Returns

String

Cookie value.

Raises

CookieOverflow

Session contains too much information.

# File 'lib/merb-core/dispatch/session/cookie.rb', line 85

def read_cookie
  unless @data.nil?
    updated = marshal(@data)
    raise CookieOverflow if updated.size > MAX
    updated
  end
end