Permalink
Browse files

Merge pull request #7436 from sikachu/master-remove-active_record-ses…

…sion_store

Extract ActiveRecord::SessionStore from Rails
  • Loading branch information...
2 parents 2c571b3 + 1807384 commit 73c02220f83cfb181ccf99db0451983324e28804 @josevalim josevalim committed Aug 24, 2012
Showing with 41 additions and 976 deletions.
  1. +4 −0 actionpack/CHANGELOG.md
  2. +0 −9 actionpack/lib/action_controller/base.rb
  3. +0 −288 actionpack/test/activerecord/active_record_store_test.rb
  4. +3 −0 activerecord/CHANGELOG.md
  5. +0 −11 activerecord/lib/active_record.rb
  6. +0 −15 activerecord/lib/active_record/railties/databases.rake
  7. +0 −365 activerecord/lib/active_record/session_store.rb
  8. +0 −24 activerecord/lib/rails/generators/active_record/session_migration/session_migration_generator.rb
  9. +0 −12 activerecord/lib/rails/generators/active_record/session_migration/templates/migration.rb
  10. +0 −81 activerecord/test/cases/session_store/session_test.rb
  11. +0 −75 activerecord/test/cases/session_store/sql_bypass_test.rb
  12. +0 −5 guides/code/getting_started/config/initializers/session_store.rb
  13. +2 −0 guides/source/4_0_release_notes.textile
  14. +2 −2 guides/source/action_controller_overview.textile
  15. +3 −7 guides/source/active_support_core_extensions.textile
  16. +1 −9 guides/source/configuring.textile
  17. +1 −3 guides/source/security.textile
  18. +6 −1 railties/lib/rails/application/configuration.rb
  19. +0 −1 railties/lib/rails/generators.rb
  20. +0 −5 railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
  21. +0 −8 railties/lib/rails/generators/rails/session_migration/USAGE
  22. +0 −8 railties/lib/rails/generators/rails/session_migration/session_migration_generator.rb
  23. +19 −0 railties/test/application/configuration_test.rb
  24. +0 −20 railties/test/application/initializers/frameworks_test.rb
  25. +0 −27 railties/test/generators/session_migration_generator_test.rb
@@ -1,5 +1,9 @@
## Rails 4.0.0 (unreleased) ##
+* `ActiveRecord::SessionStore` is extracted out of Rails into a gem `activerecord-session_store`.
+ Setting `config.session_store` to `:active_record_store` will no longer work and will break
+ if the `activerecord-session_store` gem isn't available. *Prem Sichanugrist*
+
* Fix select_tag when option_tags is nil.
Fixes #7404.
@@ -88,15 +88,6 @@ module ActionController
#
# Do not put secret information in cookie-based sessions!
#
- # Other options for session storage:
- #
- # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
- # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set
- #
- # MyApplication::Application.config.session_store :active_record_store
- #
- # in your <tt>config/initializers/session_store.rb</tt> and run <tt>script/rails g session_migration</tt>.
- #
# == Responses
#
# Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response
@@ -1,288 +0,0 @@
-require 'active_record_unit'
-
-class ActiveRecordStoreTest < ActionDispatch::IntegrationTest
- class TestController < ActionController::Base
- def no_session_access
- head :ok
- end
-
- def set_session_value
- raise "missing session!" unless session
- session[:foo] = params[:foo] || "bar"
- head :ok
- end
-
- def get_session_value
- render :text => "foo: #{session[:foo].inspect}"
- end
-
- def get_session_id
- render :text => "#{request.session_options[:id]}"
- end
-
- def call_reset_session
- session[:foo]
- reset_session
- reset_session if params[:twice]
- session[:foo] = "baz"
- head :ok
- end
-
- def renew
- env["rack.session.options"][:renew] = true
- session[:foo] = "baz"
- head :ok
- end
- end
-
- def setup
- ActiveRecord::SessionStore.session_class.create_table!
- end
-
- def teardown
- ActiveRecord::SessionStore.session_class.drop_table!
- end
-
- %w{ session sql_bypass }.each do |class_name|
- define_method("test_setting_and_getting_session_value_with_#{class_name}_store") do
- with_store class_name do
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
-
- get '/set_session_value', :foo => "baz"
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
- end
- end
- end
-
- define_method("test_renewing_with_#{class_name}_store") do
- with_store class_name do
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/renew'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
- end
- end
- end
- end
-
- def test_getting_nil_session_value
- with_test_route_set do
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body
- end
- end
-
- def test_calling_reset_session_twice_does_not_raise_errors
- with_test_route_set do
- get '/call_reset_session', :twice => "true"
- assert_response :success
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
- end
- end
-
- def test_setting_session_value_after_session_reset
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_id = cookies['_session_id']
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
-
- get '/get_session_id'
- assert_response :success
- assert_not_equal session_id, response.body
- end
- end
-
- def test_getting_session_value_after_session_reset
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_cookie = cookies.send(:hash_for)['_session_id']
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
-
- cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from the database"
- end
- end
-
- def test_getting_from_nonexistent_session
- with_test_route_set do
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body
- assert_nil cookies['_session_id'], "should only create session on write, not read"
- end
- end
-
- def test_getting_session_id
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_id = cookies['_session_id']
-
- get '/get_session_id'
- assert_response :success
- assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
- end
- end
-
- def test_doesnt_write_session_cookie_if_session_id_is_already_exists
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
- end
- end
-
- def test_prevents_session_fixation
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
- session_id = cookies['_session_id']
- assert session_id
-
- reset!
-
- get '/get_session_value', :_session_id => session_id
- assert_response :success
- assert_equal 'foo: nil', response.body
- assert_not_equal session_id, cookies['_session_id']
- end
- end
-
- def test_allows_session_fixation
- with_test_route_set(:cookie_only => false) do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
- session_id = cookies['_session_id']
- assert session_id
-
- reset!
-
- get '/set_session_value', :_session_id => session_id, :foo => "baz"
- assert_response :success
- assert_equal session_id, cookies['_session_id']
-
- get '/get_session_value', :_session_id => session_id
- assert_response :success
- assert_equal 'foo: "baz"', response.body
- assert_equal session_id, cookies['_session_id']
- end
- end
-
- def test_incoming_invalid_session_id_via_cookie_should_be_ignored
- with_test_route_set do
- open_session do |sess|
- sess.cookies['_session_id'] = 'INVALID'
-
- sess.get '/set_session_value'
- new_session_id = sess.cookies['_session_id']
- assert_not_equal 'INVALID', new_session_id
-
- sess.get '/get_session_value'
- new_session_id_2 = sess.cookies['_session_id']
- assert_equal new_session_id, new_session_id_2
- end
- end
- end
-
- def test_incoming_invalid_session_id_via_parameter_should_be_ignored
- with_test_route_set(:cookie_only => false) do
- open_session do |sess|
- sess.get '/set_session_value', :_session_id => 'INVALID'
- new_session_id = sess.cookies['_session_id']
- assert_not_equal 'INVALID', new_session_id
-
- sess.get '/get_session_value'
- new_session_id_2 = sess.cookies['_session_id']
- assert_equal new_session_id, new_session_id_2
- end
- end
- end
-
- def test_session_store_with_all_domains
- with_test_route_set(:domain => :all) do
- get '/set_session_value'
- assert_response :success
- end
- end
-
- private
-
- def with_test_route_set(options = {})
- with_routing do |set|
- set.draw do
- get ':action', :to => 'active_record_store_test/test'
- end
-
- @app = self.class.build_app(set) do |middleware|
- middleware.use ActiveRecord::SessionStore, options.reverse_merge(:key => '_session_id')
- middleware.delete "ActionDispatch::ShowExceptions"
- end
-
- yield
- end
- end
-
- def with_store(class_name)
- session_class, ActiveRecord::SessionStore.session_class =
- ActiveRecord::SessionStore.session_class, "ActiveRecord::SessionStore::#{class_name.camelize}".constantize
- yield
- ensure
- ActiveRecord::SessionStore.session_class = session_class
- end
-end
@@ -1,5 +1,8 @@
## Rails 4.0.0 (unreleased) ##
+* ActiveRecord::SessionStore has been extracted from Active Record as `activerecord-session_store`
+ gem. Please read the `README.md` file on the gem for the usage. *Prem Sichanugrist*
+
* Fix `reset_counters` when there are multiple `belongs_to` association with the
same foreign key and one of them have a counter cache.
Fixes #5200.
@@ -53,17 +53,6 @@ module ActiveRecord
autoload :ReadonlyAttributes
autoload :Reflection
autoload :Sanitization
-
- # ActiveRecord::SessionStore depends on the abstract store in Action Pack.
- # Eager loading this class would break client code that eager loads Active
- # Record standalone.
- #
- # Note that the Rails application generator creates an initializer specific
- # for setting the session store. Thus, albeit in theory this autoload would
- # not be thread-safe, in practice it is because if the application uses this
- # session store its autoload happens at boot time.
- autoload :SessionStore
-
autoload :Schema
autoload :SchemaDumper
autoload :SchemaMigration
@@ -408,21 +408,6 @@ db_namespace = namespace :db do
end
end
end
-
- namespace :sessions do
- # desc "Creates a sessions migration for use with ActiveRecord::SessionStore"
- task :create => [:environment, :load_config] do
- raise 'Task unavailable to this database (no migration support)' unless ActiveRecord::Base.connection.supports_migrations?
- Rails.application.load_generators
- require 'rails/generators/rails/session_migration/session_migration_generator'
- Rails::Generators::SessionMigrationGenerator.start [ ENV['MIGRATION'] || 'add_sessions_table' ]
- end
-
- # desc "Clear the sessions table"
- task :clear => [:environment, :load_config] do
- ActiveRecord::Base.connection.execute "DELETE FROM #{ActiveRecord::SessionStore::Session.table_name}"
- end
- end
end
namespace :railties do
Oops, something went wrong. Retry.

0 comments on commit 73c0222

Please sign in to comment.