mirror of
https://github.com/github/rails.git
synced 2026-04-04 03:00:58 -04:00
84 lines
2.6 KiB
Ruby
84 lines
2.6 KiB
Ruby
module ActionController #:nodoc:
|
|
module SessionManagement #:nodoc:
|
|
def self.included(base)
|
|
base.class_eval do
|
|
extend ClassMethods
|
|
end
|
|
end
|
|
|
|
class Middleware
|
|
DEFAULT_OPTIONS = {
|
|
:path => "/",
|
|
:key => "_session_id",
|
|
:httponly => true,
|
|
}.freeze
|
|
|
|
def self.new(app)
|
|
cgi_options = ActionController::Base.session_options
|
|
options = cgi_options.symbolize_keys
|
|
options = DEFAULT_OPTIONS.merge(options)
|
|
if options.has_key?(:session_path)
|
|
options[:path] = options.delete(:session_path)
|
|
end
|
|
if options.has_key?(:session_key)
|
|
options[:key] = options.delete(:session_key)
|
|
end
|
|
if options.has_key?(:session_http_only)
|
|
options[:httponly] = options.delete(:session_http_only)
|
|
end
|
|
|
|
if store = ActionController::Base.session_store
|
|
store.new(app, options)
|
|
else # Sessions disabled
|
|
lambda { |env| app.call(env) }
|
|
end
|
|
end
|
|
end
|
|
|
|
module ClassMethods
|
|
# Set the session store to be used for keeping the session data between requests.
|
|
# By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),
|
|
# but you can also specify one of the other included stores (<tt>:active_record_store</tt>,
|
|
# <tt>:mem_cache_store</tt>, or your own custom class.
|
|
def session_store=(store)
|
|
if store == :active_record_store
|
|
self.session_store = ActiveRecord::SessionStore
|
|
else
|
|
@@session_store = store.is_a?(Symbol) ?
|
|
Session.const_get(store.to_s.camelize) :
|
|
store
|
|
end
|
|
end
|
|
|
|
# Returns the session store class currently used.
|
|
def session_store
|
|
if defined? @@session_store
|
|
@@session_store
|
|
else
|
|
Session::CookieStore
|
|
end
|
|
end
|
|
|
|
def session=(options = {})
|
|
self.session_store = nil if options.delete(:disabled)
|
|
session_options.merge!(options)
|
|
end
|
|
|
|
# Returns the hash used to configure the session. Example use:
|
|
#
|
|
# ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS
|
|
def session_options
|
|
@session_options ||= {}
|
|
end
|
|
|
|
def session(*args)
|
|
ActiveSupport::Deprecation.warn(
|
|
"Disabling sessions for a single controller has been deprecated. " +
|
|
"Sessions are now lazy loaded. So if you don't access them, " +
|
|
"consider them off. You can still modify the session cookie " +
|
|
"options with request.session_options.", caller)
|
|
end
|
|
end
|
|
end
|
|
end
|