José Valim
afc3ccf74c
Fix renew feature on cookies.
2011-05-04 20:12:27 +02:00
Aaron Patterson
199c0bb338
generated session ids should be encoded as UTF-8
2011-04-14 13:37:40 -07:00
José Valim
3986fcb935
Initialize sid should just skip instance variables.
2010-10-04 08:47:36 +02:00
José Valim
50215f9525
Rely on Rack::Session stores API for more compatibility across the Ruby world.
2010-10-03 21:24:22 +02:00
Neeraj Singh
692f5184c4
no need to check for nil?
2010-09-30 08:11:34 +08:00
Emilio Tagua
523f98099d
Remove more warnings on AP.
2010-09-28 18:01:48 -03:00
W. Andrew Loe III
9cd094b8da
Only send secure cookies over SSL.
2010-09-13 15:11:46 -07:00
José Valim
0f0bdaea7b
Revert "Avoid uneeded queries in session stores if sid is not given."
...
First step to merge Rails and Rack session stores. Rack always expects to receive the SID since it may have different behavior if the SID is nil.
This reverts commit e210895ba9
2010-07-29 09:10:01 +02:00
José Valim
291adcd588
Set session options id to nil is respected and cancels lazy loading.
2010-07-18 12:51:03 +02:00
José Valim
e210895ba9
Avoid uneeded queries in session stores if sid is not given.
2010-07-18 11:02:08 +02:00
Benjamin Quorning
7e075e6247
Fixed many references to the old config/environment.rb and Rails::Initializer
2010-07-13 13:00:21 +02:00
Aaron Patterson
f8720a04d1
porting session.clear fix to master branch. [ #5030 state:resolved]
...
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net >
2010-07-01 15:17:19 -07:00
Michael Lovitt
ebee77a28a
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types.
...
[#4938 ]
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-27 22:39:06 +02:00
José Valim
01472b5217
Do not mark the session as loaded if an error happened while doing it.
2010-06-25 19:03:00 +02:00
José Valim
21c99e9388
Calling exists? in the session store, without checking for stale sessions, was causing the cookie store to panic because we need to unpack the whole session to get its key. This commit fixes this issue and also caches exists calls for performance improvements.
2010-06-25 12:15:17 +02:00
Prem Sichanugrist
617e94658d
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [ #2485 state:resolved]
...
This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-25 09:41:52 +02:00
José Valim
d69ebb849a
Avoid deserializing cookies too early, which causes session objects to not be available yet. Unfortunately, could not reproduce this in a test case.
2010-06-24 20:03:03 +02:00
Michael Lovitt
49f52c3d91
Sessions should not be created until written to and session data should be destroyed on reset.
...
[#4938 ]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net >
2010-06-23 11:56:35 -07:00
Rizwan Reza
f99132663b
Took out the domain option logic to cookies.rb.
2010-06-11 16:34:52 +02:00
Rizwan Reza
5609149d84
Moved Domain regexp to a constant and added comments.
2010-06-11 16:34:52 +02:00
Rizwan Reza
edbb78d6cc
The previous commit didn't work with complex domains, which is now fixed.
2010-06-11 16:34:52 +02:00
Rizwan Reza
44830ead1c
Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [ #4818 state:resolved]
...
This reverts commit 330a89072a
2010-06-11 16:34:52 +02:00
wycats
cb1b2a719a
Stop the flash middleware from forcibly loading sessions even if the user doesn't use sessions at all
2010-06-04 20:11:05 -07:00
José Valim
c536835957
Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean.
2010-05-18 03:18:23 +02:00
José Valim
26e645fa00
Remove deprecated methods since 2-3-stable.
2010-05-18 02:11:50 +02:00
José Valim
25f7c030e4
Simplify cookie_store by simply relying on cookies.signed.
2010-05-18 02:05:20 +02:00
Josh Kalderimis
446b0ffe1c
corrected error message in session/cookie_store [ #4546 state:resolved]
...
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-05-10 12:37:01 +03:00
José Valim
6690d66292
Rename config.cookie_secret to config.secret_token and pass it as configuration in request.env. This is another step forward removing global configuration.
2010-04-05 12:00:24 +02:00
Xavier Noria
76f024ac8d
adds missing requires for Object#blank? and Object#present?
2010-03-28 14:15:02 +02:00
wycats
39d6f9e112
Make many parts of Rails lazy. In order to facilitate this,
...
add lazy_load_hooks.rb, which allows us to declare code that
should be run at some later time. For instance, this allows
us to defer requiring ActiveRecord::Base at boot time purely
to apply configuration. Instead, we register a hook that should
apply configuration once ActiveRecord::Base is loaded.
With these changes, brings down total boot time of a
new app to 300ms in production and 400ms in dev.
TODO: rename base_hook
2010-03-07 06:24:30 -08:00
Carlhuda
e311622e7b
Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.
2010-03-04 16:05:52 -08:00
Joshua Peek
89082004b0
Fix const reference for SessionRestoreError
2010-01-15 16:20:12 -06:00
Stefan Penner
d531cbc809
fixed missing or incorrect session data error message
2010-01-02 23:01:06 -08:00
Joshua Peek
b1aee9f4ee
All AD modules are "deferrable"
2009-12-22 17:11:21 -06:00
Joshua Peek
3fb623fa90
SessionRestoreError belongs in AD
2009-09-23 23:37:31 -05:00
Joshua Peek
a01bf41c61
Lazy require memcache for session middleware
2009-09-13 15:30:55 -05:00
Jay Pignata
bd97c3044a
CookieStore should not be derived from Hash - reverting [ #2268 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com >
2009-09-03 15:15:15 -05:00
Jay Pignata
e0f1a7dc19
If session_options[:id] is requested when using CookieStore, unmarshal the session to access it [ #2268 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com >
2009-09-03 11:50:01 -05:00
Joshua Peek
6f40139b53
SessionHash#update and SessionHash#delete are missing a call to load! [ #3056 state:resolved]
2009-08-31 13:39:06 -05:00
Carl Lerche
6a001e925e
Require necessary active_support files in cookie store
2009-08-26 23:07:55 -07:00
Yehuda Katz + Carl Lerche
86fc43fd58
ActionPack components should no longer have undeclared dependencies.
...
* Tests can be run in isolation
* Dependencies added
* A few tests modified to avoid depending on AS deps
not depended on my files they were testing
2009-06-08 13:34:07 -07:00
Joshua Peek
a1140a1031
Revert "Only save the session if we're actually writing to it [ #2703 state:resolved]"
...
This reverts commit dd98280e38
2009-05-30 09:36:08 -05:00
Johan Sörensen
dd98280e38
Only save the session if we're actually writing to it [ #2703 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com >
2009-05-28 09:35:17 -05:00
Joshua Peek
0494909679
Inherit TestSession from Session::AbstractStore and add indifferent access to Session::AbstractStore.
2009-04-26 14:33:57 -05:00
Joshua Peek
82bc768dad
Fix typo in stale session check [ #2404 state:resolved]
2009-04-26 11:19:42 -05:00
Carl Lerche & Yehuda Katz
906aebceed
Bring abstract_controller up to date with rails/master
...
Resolved all the conflicts since 2.3.0 -> HEAD. Following is a list
of commits that could not be applied cleanly or are obviated with the
abstract_controller refactor. They all need to be revisited to ensure
that fixes made in 2.3 do not reappear in 3.0:
2259ecf36806182ea02e#1844 state:resolved]
* This will be handled generically
893e9eb995#1909 state:resolved]
* We will need to reimplement rails-dev-boost on top of the refactor;
the changes here are very implementation specific and cannot be
cleanly applied. The following commits are implicated:
199e750d463942cb406ef8ea9f85d4e3b166aab3ae9f258e0344423126c60cb020b4d6#1974 state:resolved]
* The specifics of this commit no longer apply. Since it is a two-line
commit, we will reimplement this change.
8c5cc66a83#1974 state:resolved]
* This does not apply at all. It should be trivial to apply the feature
to the reimplemented ActionController::Base.
87e8b16246#2052 state:resolved]
* There were a number of patches related to this that simply compounded
each other. Basically none of them apply cleanly, and the underlying
issue needs to be revisited. After discussing the underlying problem
with Koz, we will defer these fixes for further discussion.
2009-04-13 15:18:45 -07:00
Yehuda Katz
3030bc90c9
Merge commit 'rails/3-0-unstable'
...
Conflicts:
actionpack/lib/action_controller/base.rb
actionpack/lib/action_dispatch/http/mime_type.rb
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_view/base.rb
actionpack/lib/action_view/paths.rb
actionpack/test/controller/session/cookie_store_test.rb
actionpack/test/dispatch/rack_test.rb
actionpack/test/dispatch/request_test.rb
2009-01-30 11:30:27 -08:00
Joshua Peek
319ae4628f
Move HTTP libs and middleware into ActionDispatch component
2009-01-27 18:54:01 -06:00
