github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-02-01 09:44:56 -05:00
Code Issues Packages Projects Releases Wiki Activity
8,997 Commits 34 Branches 105 Tags
b1c1e3deb7d752292abaff34ba66a3eae030d252
Commit Graph

31 Commits

Author SHA1 Message Date
Mike Gaffney
1b79683171 Deprecation tests for f17c876 [#1801 state:resolved] 
Signed-off-by: Joshua Peek <josh@joshpeek.com>
 2009-01-29 19:37:38 -06:00
Pratik Naik
2ae8d3079b Session cookie header should always be set if :expire_after option is specified 2009-01-28 05:05:48 +00:00
Cody Fauser
c090e5e075 Restore cookie store httponly default to true. Remove extraneous dup of options on initialization [#1784 state:resolved] 
Signed-off-by: Joshua Peek <josh@joshpeek.com>
 2009-01-20 11:50:43 -06:00
Frederick Cheung
d7b6e48c70 Fix randomly failing cookie store tests 
Marshal.dump(Marshal.load(marshaled_hash)) is not guarenteed to be equal to marshaled_hash
because of the lack of ordering of hash
 2008-12-26 18:25:03 +00:00
Matt Bauer
7b249b67e9 Fix reset_session with lazy cookie stores [#1601 state:resolved] 
Signed-off-by: Joshua Peek <josh@joshpeek.com>
 2008-12-20 14:37:51 -06:00
Lourens Naude
3ff6b00ee3 Persistent session identifier support for CookieSessionStore and API compat. with the server side stores [#1591 state:resolved] 
Signed-off-by: Joshua Peek <josh@joshpeek.com>
 2008-12-18 11:33:53 -06:00
Joshua Peek
ed70830713 Switch to Rack based session stores. 2008-12-15 16:33:31 -06:00
Joshua Peek
31ce92f7b5 Use autoload instead of explicit requires for ActionController 2008-11-23 16:35:47 -06:00
Michael Koziarski
04d2d043ca Move the cookie store to use the MessageVerifier class. 
This removes support for ancient cookie-store generated cookies which were double escaped.
 2008-11-23 16:42:15 +01:00
Jeremy Kemper
0be5bc3f59 Work around ruby 1.9 segfault 2008-11-07 21:50:39 -05:00
Pelle Braendgaard
7ecb9689b0 Added support for http_only cookies in cookie_store Added unit tests for secure and http_only cookies in cookie_store 
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1046 state:committed]
 2008-09-17 13:20:16 +02:00
Tarmo Tänav
656f0e7c6c Fix file permissions 
Signed-off-by: Joshua Peek <josh@joshpeek.com>
 2008-07-31 16:36:23 -05:00
David Heinemeier Hansson
6573f6a4bc Revert "Lazy load cache and session stores" 
This reverts commit 19895f087c.
 2008-06-12 19:52:33 -05:00
Pratik Naik
19895f087c Lazy load cache and session stores 2008-06-10 10:29:25 +01:00
Rich Cavanaugh
a425cd1473 Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved] 
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
 2008-05-12 15:26:19 -07:00
Tobias Lütke
fef82759ff Implement increment/decrement on cache storage engines, using read/write by default and using atomic command on memcache 2008-04-29 15:12:47 -04:00
Jeremy Kemper
7324444344 Ruby 1.9 compat: cookie store delete sets nil value instead of empty string 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2008-01-07 08:12:03 +00:00
Jeremy Kemper
9d755f1983 require abstract_unit directly since test is in load path 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8564 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2008-01-05 13:32:06 +00:00
Michael Koziarski
ec93d61fb9 Make sure that cookie sessions use a secret that is at least 30 chars in length. [Koz] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-11-21 21:31:45 +00:00
Jeremy Kemper
86a9c212c0 Skip memcache tests unless it's installed 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7893 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-10-15 01:47:35 +00:00
Jeremy Kemper
6e56cc013f Wrap test with uses_mocha 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7888 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-10-14 22:54:28 +00:00
Jeremy Kemper
d0df7f2b12 Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-10-14 20:46:06 +00:00
Jeremy Kemper
d2ed32d592 Parse url-encoded and multipart requests ourselves instead of delegating to CGI. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6764 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-05-18 06:24:50 +00:00
Jeremy Kemper
f8273e4309 Shine some sunlight on the CGI extensions. Remove unused CGI#session. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6733 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-05-15 00:08:05 +00:00
Jeremy Kemper
bbcfb9b625 Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-14 11:33:10 +00:00
Jeremy Kemper
5219aa9008 Cookie session store: raise ArgumentError when :session_key is blank. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-13 20:44:16 +00:00
Jeremy Kemper
f254831e83 Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret block and :digest option. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-03 13:54:54 +00:00
Jeremy Kemper
a0563bf7b0 Cookie store: test that >4K raises CookieOverflow and that unverifiable cookies are automatically deleted. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-03-03 08:18:30 +00:00
Jeremy Kemper
781985f7f2 Cookie session store: empty and unchanged sessions don't write a cookie. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6226 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-25 16:35:24 +00:00
Jeremy Kemper
c8f7860d50 CGI escape the session cookie. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-22 01:17:28 +00:00
Jeremy Kemper
f29857690f Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure hash is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the hash). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-02-21 09:17:38 +00:00