github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-02-17 01:21:42 -05:00
Code Issues Packages Projects Releases Wiki Activity
8,448 Commits 34 Branches 105 Tags
2c01f2b4e9d4a95bb2baca8ae57209eb10aa78b2
Commit Graph

21 Commits

Author SHA1 Message Date
Michael Koziarski
04d2d043ca Move the cookie store to use the MessageVerifier class. 
This removes support for ancient cookie-store generated cookies which were double escaped.
 2008-11-23 16:42:15 +01:00
Pelle Braendgaard
7ecb9689b0 Added support for http_only cookies in cookie_store Added unit tests for secure and http_only cookies in cookie_store 
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1046 state:committed]
 2008-09-17 13:20:16 +02:00
Jeremy Kemper
29a06f10e8 Strip newlines from cookie session data 2008-08-05 19:28:52 -07:00
Pratik Naik
98dc582742 Merge docrails. 
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
 2008-05-25 12:29:00 +01:00
Rich Cavanaugh
a425cd1473 Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved] 
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
 2008-05-12 15:26:19 -07:00
Xavier Noria
64092de257 Improve documentation coverage and markup 
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
 2008-05-02 14:45:23 +01:00
Jeremy Kemper
7324444344 Ruby 1.9 compat: cookie store delete sets nil value instead of empty string 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2008-01-07 08:12:03 +00:00
Jeremy Kemper
f91acf0258 Ruby 1.9 compat: move from the deprecated Base64 module to ActiveSupport::Base64. Closes #10554. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8433 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-12-18 21:14:07 +00:00
David Heinemeier Hansson
1aa456d26f Fix doc (closes #10526) 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8423 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-12-16 23:55:22 +00:00
Jeremy Kemper
70117b0294 Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically secure secret key for use with cookie sessions. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-12-15 02:27:56 +00:00
Michael Koziarski
7aab8b9a15 Improve error messages when providing a secret that is too short. Closes #10238 [Henrik N] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-11-24 22:41:16 +00:00
Michael Koziarski
ec93d61fb9 Make sure that cookie sessions use a secret that is at least 30 chars in length. [Koz] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-11-21 21:31:45 +00:00
David Heinemeier Hansson
8a086c590f Emphasize the importance of a dictionary attack-proof secret for the cookie store 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-11-21 15:47:50 +00:00
Jeremy Kemper
bbcfb9b625 Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-14 11:33:10 +00:00
Jeremy Kemper
5219aa9008 Cookie session store: raise ArgumentError when :session_key is blank. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-13 20:44:16 +00:00
Rick Olson
2b7dbad8e0 Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests 
using the cookie store's secret. [Rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6342 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-06 04:09:14 +00:00
Jeremy Kemper
f254831e83 Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret block and :digest option. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-03 13:54:54 +00:00
Jeremy Kemper
a0563bf7b0 Cookie store: test that >4K raises CookieOverflow and that unverifiable cookies are automatically deleted. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-03 08:18:30 +00:00
Jeremy Kemper
781985f7f2 Cookie session store: empty and unchanged sessions don't write a cookie. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6226 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-25 16:35:24 +00:00
Jeremy Kemper
c8f7860d50 CGI escape the session cookie. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-22 01:17:28 +00:00
Jeremy Kemper
f29857690f Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure hash is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the hash). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-21 09:17:38 +00:00