Pratik Naik
2ae8d3079b
Session cookie header should always be set if :expire_after option is specified
2009-01-28 05:05:48 +00:00
Cody Fauser
c090e5e075
Restore cookie store httponly default to true. Remove extraneous dup of options on initialization [#1784 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-01-20 11:50:43 -06:00
Cody Fauser
d3107ce3b0
Use :key instead of old :session_key in session_store.rb generator and docs [#1746 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-01-13 14:27:23 -06:00
Matt Bauer
7b249b67e9
Fix reset_session with lazy cookie stores [#1601 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 14:37:51 -06:00
Jeremy Kemper
788ab8458a
No need to dup immutable options
2008-12-18 14:42:58 -08:00
Jeremy Kemper
c81cd321d1
Be sure to call super
2008-12-18 14:42:39 -08:00
Joshua Peek
2e22c7fda0
Conditionally inject session middleware instead of using session management
2008-12-18 12:56:18 -06:00
Lourens Naude
3ff6b00ee3
Persistent session identifier support for CookieSessionStore and API compat. with the server side stores [#1591 state:resolved]
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-18 11:33:53 -06:00
Joshua Peek
43ac42c46a
Clear empty nil values in session hash before saving
2008-12-15 19:25:31 -06:00
Joshua Peek
ed70830713
Switch to Rack based session stores.
2008-12-15 16:33:31 -06:00
Pratik Naik
dbbae5e00e
Merge with docrails
2008-12-07 03:27:53 +01:00
Michael Koziarski
04d2d043ca
Move the cookie store to use the MessageVerifier class.
...
This removes support for ancient cookie-store generated cookies which were double escaped.
2008-11-23 16:42:15 +01:00
Pelle Braendgaard
7ecb9689b0
Added support for http_only cookies in cookie_store. Added unit tests for secure and http_only cookies in cookie_store
...
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1046 state:committed]
2008-09-17 13:20:16 +02:00
Jeremy Kemper
29a06f10e8
Strip newlines from cookie session data
2008-08-05 19:28:52 -07:00
Tarmo Tänav
0b9bfbdebf
Use "/usr/bin/env ruby" instead of "/usr/local/bin/ruby"
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-07-31 16:39:48 -05:00
Tarmo Tänav
656f0e7c6c
Fix file permissions
...
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-07-31 16:36:23 -05:00
Pratik Naik
98dc582742
Merge docrails.
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2008-05-25 12:29:00 +01:00
Rich Cavanaugh
a425cd1473
Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved]
...
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2008-05-12 15:26:19 -07:00
Pratik Naik
dc4eec1129
Merge docrails:
...
commit e6afd8b273
Author: Xavier Noria <fxn@hashref.com>
Date: Thu May 8 23:49:36 2008 +0200
Overall documentation improvement and markup corrections. Zillion changes.
commit 2fead68b31
Author: Austin Putman <austin@emmanuel.local>
Date: Wed May 7 19:35:46 2008 -0700
Documented class methods on ActionController::Routing. These are dangerous, and mostly used for testing.
commit f5b84182db
Author: Teflon Ted <github@rudiment.net>
Date: Wed May 7 16:08:49 2008 -0400
Added explanation about errant inflections not being patched in the future in order to avoid breaking legacy applications.
commit 370f4f5172
Author: Sunny Ripert <negatif@gmail.com>
Date: Wed May 7 14:00:59 2008 +0200
Applied list conventions in AR::Base
commit 5bd18429f0
Author: Sunny Ripert <negatif@gmail.com>
Date: Wed May 7 13:53:35 2008 +0200
Renamed Options list to Attributes list whenever they weren't option hashes in AR::Base
commit d912bd5672
Author: Yaroslav Markin <yaroslav@markin.net>
Date: Wed May 7 13:50:28 2008 +0400
Add a filter_parameter_logging usage hint to generated ApplicationController.
This may help to remind the developer to filter sensitive information from application logs.
Closes #11578
commit b243de0db3
Author: Jack Danger Canty <git@6brand.com>
Date: Tue May 6 23:39:47 2008 -0700
doc: disambiguating an example ActiveRecord class
commit f81d771f06
Author: Jack Danger Canty <git@6brand.com>
Date: Tue May 6 23:35:05 2008 -0700
doc: ActiveRecord::Reflection::AssociationReflection#through_reflection
Added documentation demonstrating the use of #through_reflection for
finding intervening reflection objects for HasManyThrough
and HasOneThrough.
commit ae6b46f00b
Author: Cheah Chu Yeow <chuyeow@gmail.com>
Date: Wed May 7 13:47:41 2008 +0800
Document AttributeAssignmentError and MultiparameterAssignmentErrors.
commit 8f463550b5
Author: John Barnette <jbarnette@gmail.com>
Date: Tue May 6 22:46:44 2008 -0700
Killing/fixing a bunch of outdated language in the AR README.
commit aca44bcd92
Author: Cheah Chu Yeow <chuyeow@gmail.com>
Date: Wed May 7 13:34:52 2008 +0800
Make a note about ActiveResource::Timeouterror being raised when ARes calls timeout.
commit 284a930a93
Author: Jonathan Dance <jd@wuputah.com>
Date: Tue May 6 14:58:26 2008 -0400
improvements to the page caching docs
commit 9482da6213
Author: Sunny Ripert <negatif@gmail.com>
Date: Mon May 5 18:13:40 2008 +0200
validates_numericality_of() "integer" option really is "only_integer"
commit e9afd6790a
Author: Sunny Ripert <negatif@gmail.com>
Date: Mon May 5 12:11:59 2008 +0200
Harmonized hash notation in AR::Base
commit 67ebf14a91
Author: Sunny Ripert <negatif@gmail.com>
Date: Mon May 5 12:06:19 2008 +0200
Turned options into rdoc-lists in AR::Base
commit 0ec7c0a41d
Author: Marshall Huss <mwhuss@Macbook.local>
Date: Sun May 4 23:21:33 2008 -0400
Added information of how to set element_name in the case the user has a name confliction with an existing model
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2008-05-09 10:40:50 +01:00
Xavier Noria
64092de257
Improve documentation coverage and markup
...
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2008-05-02 14:45:23 +01:00
Jeremy Kemper
7324444344
Ruby 1.9 compat: cookie store delete sets nil value instead of empty string
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2008-01-07 08:12:03 +00:00
Jeremy Kemper
f91acf0258
Ruby 1.9 compat: move from the deprecated Base64 module to ActiveSupport::Base64. Closes #10554.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8433 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-12-18 21:14:07 +00:00
David Heinemeier Hansson
1aa456d26f
Fix doc (closes #10526)
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8423 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-12-16 23:55:22 +00:00
Jeremy Kemper
70117b0294
Introduce (in /Users/jeremy/rails/git/trunk) to output a cryptographically secure secret key for use with cookie sessions.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-12-15 02:27:56 +00:00
Michael Koziarski
7aab8b9a15
Improve error messages when providing a secret that is too short. Closes #10238 [Henrik N]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-11-24 22:41:16 +00:00
Michael Koziarski
ec93d61fb9
Make sure that cookie sessions use a secret that is at least 30 chars in length. [Koz]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-11-21 21:31:45 +00:00
David Heinemeier Hansson
8a086c590f
Emphasize the importance of a dictionary attack-proof secret for the cookie store
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8181 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-11-21 15:47:50 +00:00
Jeremy Kemper
d0df7f2b12
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 20:46:06 +00:00
Rick Olson
408f496402
Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. [Rick]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7725 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-03 14:52:56 +00:00
David Heinemeier Hansson
ff9ca2ca1e
Random hits from the style nazi
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7438 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-09-09 23:12:57 +00:00
Michael Koziarski
d0c83c4354
Fix failing active record store tests
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7317 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-08-14 10:06:07 +00:00
Jeremy Kemper
bbcfb9b625
Cookie session store: ensure that new sessions don't reuse data from a deleted session in the same request.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-03-14 11:33:10 +00:00
Jeremy Kemper
5219aa9008
Cookie session store: raise ArgumentError when :session_key is blank.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-03-13 20:44:16 +00:00
Rick Olson
2b7dbad8e0
Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret. [Rick]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6342 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-03-06 04:09:14 +00:00
Jeremy Kemper
f254831e83
Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret block and :digest option.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-03-03 13:54:54 +00:00
Jeremy Kemper
a0563bf7b0
Cookie store: test that >4K raises CookieOverflow and that unverifiable cookies are automatically deleted.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-03-03 08:18:30 +00:00
Jeremy Kemper
781985f7f2
Cookie session store: empty and unchanged sessions don't write a cookie.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6226 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-02-25 16:35:24 +00:00
Jeremy Kemper
c8f7860d50
CGI escape the session cookie.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6200 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-02-22 01:17:28 +00:00
Jeremy Kemper
f29857690f
Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure hash is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the hash). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6184 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-02-21 09:17:38 +00:00
Jeremy Kemper
65ca37b7b7
ARStore needs a data reader method. Closes #4795.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5531 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-11-15 20:08:43 +00:00
Jeremy Kemper
56e3e2fde5
Always clear model associations from session. Closes #4795.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-11-13 18:59:01 +00:00
Jamis Buck
519e7e5e12
Fix problem with unloaded ARStore sessions being loaded when they are garbage collected, causing problems if there were AR objects in the session.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3817 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-03-08 16:53:34 +00:00
Jeremy Kemper
7654082260
Major components cleanup and speedup. Closes #3527.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3563 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-02-09 20:05:11 +00:00
Nicholas Seckar
7a43a05a2b
Further improvements to reloading code
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3519 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-02-02 04:54:07 +00:00
David Heinemeier Hansson
26761d6d32
If included_modules doesn't take a parameter, we shouldn't either
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3509 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-02-01 03:58:37 +00:00
Michael Koziarski
e398045774
Fix Syntax problems which were preventing webrick from starting
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3508 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-02-01 03:54:37 +00:00
David Heinemeier Hansson
aee8db1584
ActiveRecordStore::Session shouldn't be reloadable
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3506 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-02-01 03:08:43 +00:00
David Heinemeier Hansson
6236d518f2
Added the possibility to specify automatic expiration for the memcached session container (closes #3571) [Stefan Kaes]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3465 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2006-01-22 22:21:26 +00:00
David Heinemeier Hansson
778d6704d4
Add session ID to default logging, but remove the verbose description of every step [DHH]
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3334 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2005-12-22 04:04:56 +00:00
Jeremy Kemper
63b792162b
Make data writer private. Marshal/unmarshal handle nil.
...
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3108 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2005-11-20 08:15:51 +00:00