Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

If session_options[:id] is requested when using CookieStore, unmarsha…

…l the session to access it [#2268 state:resolved]

Signed-off-by: Joshua Peek <josh@joshpeek.com>
  • Loading branch information...
commit e0f1a7dc191ffebc9f6cadb6232e567fee8aa491 1 parent f416f9f
Jay Pignata authored josh committed
View
17 actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -37,7 +37,7 @@ module Session
# "rake secret" and set the key in config/environment.rb.
#
# Note that changing digest or secret invalidates all existing sessions!
- class CookieStore
+ class CookieStore < Hash
# Cookies can typically store 4096 bytes.
MAX = 4096
SECRET_MIN_LENGTH = 30 # characters
@@ -49,7 +49,18 @@ class CookieStore
:expire_after => nil,
:httponly => true
}.freeze
+
+ class OptionsHash < Hash
+ def initialize(by, env, default_options)
+ @session_data = env[CookieStore::ENV_SESSION_KEY]
+ default_options.each { |key, value| self[key] = value }
+ end
+ def [](key)
+ key == :id ? @session_data[:session_id] : super(key)
+ end
+ end
+
ENV_SESSION_KEY = "rack.session".freeze
ENV_SESSION_OPTIONS_KEY = "rack.session.options".freeze
HTTP_SET_COOKIE = "Set-Cookie".freeze
@@ -90,8 +101,8 @@ def initialize(app, options = {})
def call(env)
env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
- env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
-
+ env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
+
status, headers, body = @app.call(env)
session_data = env[ENV_SESSION_KEY]
View
4 actionpack/test/dispatch/session/cookie_store_test.rb
@@ -30,7 +30,7 @@ def get_session_value
end
def get_session_id
- render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+ render :text => "id: #{request.session_options[:id]}"
end
def call_reset_session
@@ -119,7 +119,7 @@ def test_getting_session_id
get '/get_session_id'
assert_response :success
- assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+ assert_equal "id: #{session_id}", response.body
end
end

1 comment on commit e0f1a7d

@jpignata

Oops - there's an error with my patch - CookieStore should not be deriving from hash. I've created a patch to revert this unnecessary change.

https://rails.lighthouseapp.com/projects/8994/tickets/2268-rails-23-session_optionsid-problem#ticket-2268-13

Please sign in to comment.
Something went wrong with that request. Please try again.