
Merge pull request #8824 from mjtko/fix/cookie-store-inheritance

Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372]
commit 5d0d82957ae2658a576f5785506a52cfe03d0758 2 parents 5fb5019 + 109a1b3
@spastorino spastorino authored
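--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -21,8 +21,6 @@ def initialize(const_error)
 module Compatibility
 def initialize(app, options = {})
 options[:key] ||= '_session_id'
-# FIXME Rack's secret is not being used
-options[:secret] ||= SecureRandom.hex(30)
 super
 end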
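--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -36,21 +36,38 @@ module Session
 # "rake secret" and set the key in config/initializers/secret_token.rb.
 #
 # Note that changing digest or secret invalidates all existing sessions!
-class CookieStore < Rack::Session::Cookie
+class CookieStore < Rack::Session::Abstract::ID
 include Compatibility
 include StaleSessionCheck
 include SessionObject
-# Override rack's method
+def initialize(app, options={})
+super(app, options.merge!(:cookie_only => true))
+end
+
 def destroy_session(env, session_id, options)
-new_sid = super
+new_sid = generate_sid unless options[:drop]
 # Reset hash and Assign the new session id
 env["action_dispatch.request.unsigned_session_cookie"] = new_sid ? { "session_id" => new_sid } : {}
 new_sid
 end
+def load_session(env)
+stale_session_check! do
+data = unpacked_cookie_data(env)
+data = persistent_session_id!(data)
+[data["session_id"], data]
+end
+end
+
 private
+def extract_session_id(env)
+stale_session_check! do
+unpacked_cookie_data(env)["session_id"]
+end
+end
+
 def unpacked_cookie_data(env)
 env["action_dispatch.request.unsigned_session_cookie"] ||= begin
 stale_session_check! do
@@ -62,6 +79,12 @@ def unpacked_cookie_data(env)
 end
 end
+def persistent_session_id!(data, sid=nil)
+data ||= {}
+data["session_id"] ||= sid || generate_sid
+data
+end
+
 def set_session(env, sid, session_data, options)
 session_data["session_id"] = sid
 session_data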
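Review bot: `load_session` and `extract_session_id` take the session id straight from the cookie payload, and nothing visible in this file section records where that payload's integrity is checked now that the class no longer inherits from `Rack::Session::Cookie`. Verification presumably happens inside `unpacked_cookie_data`, whose body lies mostly outside the hunks, so a comment above `load_session` such as `# session_id is read from the cookie itself; it is trusted only because unpacked_cookie_data verifies the cookie before unpacking it` would document that dependency; confirm the wording against the full method. Separately, `options.merge!(:cookie_only => true)` in `initialize` mutates the caller's hash, and `super(app, options.merge(:cookie_only => true))` passes the same value without that side effect.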