rails--rails/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

require 'rack/utils'
require 'rack/request'
require 'rack/session/abstract/id'
require 'action_dispatch/middleware/cookies'
require 'action_dispatch/request/session'

module ActionDispatch
  module Session
    class SessionRestoreError < StandardError #:nodoc:
      attr_reader :original_exception

      def initialize(const_error)
        @original_exception = const_error

        super("Session contains objects whose class definition isn't available.\n" +
          "Remember to require the classes for all objects kept in the session.\n" +
          "(Original exception: #{const_error.message} [#{const_error.class}])\n")
      end
    end

    module Compatibility
      def initialize(app, options = {})
        options[:key] ||= '_session_id'
        super
      end

      def generate_sid
        sid = SecureRandom.hex(16)
        sid.encode!('UTF-8')
        sid
      end

    protected

      def initialize_sid
        @default_options.delete(:sidbits)
        @default_options.delete(:secure_random)
      end
    end

    module StaleSessionCheck
      def load_session(env)
        stale_session_check! { super }
      end

      def extract_session_id(env)
        stale_session_check! { super }
      end

      def stale_session_check!
        yield
      rescue ArgumentError => argument_error
        if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
          begin
            # Note that the regexp does not allow $1 to end with a ':'
            $1.constantize
          rescue LoadError, NameError => e
            raise ActionDispatch::Session::SessionRestoreError, e, e.backtrace
          end
          retry
        else
          raise
        end
      end
    end

    module SessionObject # :nodoc:
      def prepare_session(env)
        Request::Session.create(self, env, @default_options)
      end

      def loaded_session?(session)
        !session.is_a?(Request::Session) || session.loaded?
      end
    end

    class AbstractStore < Rack::Session::Abstract::ID
      include Compatibility
      include StaleSessionCheck
      include SessionObject

      private

      def set_cookie(env, session_id, cookie)
        request = ActionDispatch::Request.new(env)
        request.cookie_jar[key] = cookie
      end
    end
  end
end
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`require 'rack/utils'`
All AD modules are "deferrable" 2009-12-22 18:11:21 -05:00			`require 'rack/request'`
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`require 'rack/session/abstract/id'`
Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. 2010-05-17 21:18:23 -04:00			`require 'action_dispatch/middleware/cookies'`
bread AD::Request::Session to it's own file, consolidate HASH OF DOOM lookups 2012-05-03 17:28:11 -04:00			`require 'action_dispatch/request/session'`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00
Move HTTP libs and middleware into ActionDispatch component 2009-01-27 19:54:01 -05:00			`module ActionDispatch`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`module Session`
SessionRestoreError belongs in AD 2009-09-24 00:37:31 -04:00			`class SessionRestoreError < StandardError #:nodoc:`
* move exception message to exception constructor * save original exception * keep original backtrace 2012-05-02 14:55:14 -04:00			`attr_reader :original_exception`

			`def initialize(const_error)`
			`@original_exception = const_error`

			`super("Session contains objects whose class definition isn't available.\n" +`
			`"Remember to require the classes for all objects kept in the session.\n" +`
			`"(Original exception: #{const_error.message} [#{const_error.class}])\n")`
			`end`
SessionRestoreError belongs in AD 2009-09-24 00:37:31 -04:00			`end`

Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`module Compatibility`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`def initialize(app, options = {})`
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`options[:key] \|\|= '_session_id'`
			`super`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`end`

Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`def generate_sid`
Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required. 2011-05-23 07:02:06 -04:00			`sid = SecureRandom.hex(16)`
remove checks for encodings availability 2011-12-25 06:34:58 -05:00			`sid.encode!('UTF-8')`
generated session ids should be encoded as UTF-8 2011-04-14 14:27:27 -04:00			`sid`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`end`
Initialize sid should just skip instance variables. 2010-10-04 02:47:36 -04:00
			`protected`

			`def initialize_sid`
			`@default_options.delete(:sidbits)`
			`@default_options.delete(:secure_random)`
			`end`
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`end`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`module StaleSessionCheck`
			`def load_session(env)`
			`stale_session_check! { super }`
			`end`
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> 2010-06-22 09:55:50 -04:00
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`def extract_session_id(env)`
			`stale_session_check! { super }`
			`end`
Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. 2010-05-17 21:18:23 -04:00
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`def stale_session_check!`
			`yield`
			`rescue ArgumentError => argument_error`
			`if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}`
			`begin`
			`# Note that the regexp does not allow $1 to end with a ':'`
			`$1.constantize`
* move exception message to exception constructor * save original exception * keep original backtrace 2012-05-02 14:55:14 -04:00			`rescue LoadError, NameError => e`
			`raise ActionDispatch::Session::SessionRestoreError, e, e.backtrace`
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-27 14:35:31 -04:00			`end`
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`retry`
			`else`
			`raise`
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-27 14:35:31 -04:00			`end`
Rely on Rack::Session stores API for more compatibility across the Ruby world. 2010-09-20 04:18:44 -04:00			`end`
			`end`
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com> 2010-06-27 14:35:31 -04:00
session creation methods to a module 2012-05-04 14:26:03 -04:00			`module SessionObject # :nodoc:`
imported options, switched to object composition 2012-05-02 17:45:12 -04:00			`def prepare_session(env)`
testing session store behavior 2012-05-02 20:29:33 -04:00			`Request::Session.create(self, env, @default_options)`
imported options, switched to object composition 2012-05-02 17:45:12 -04:00			`end`

session hash imported 2012-05-02 18:06:21 -04:00			`def loaded_session?(session)`
			`!session.is_a?(Request::Session) \|\| session.loaded?`
			`end`
session creation methods to a module 2012-05-04 14:26:03 -04:00			`end`

			`class AbstractStore < Rack::Session::Abstract::ID`
			`include Compatibility`
			`include StaleSessionCheck`
			`include SessionObject`

			`private`
session hash imported 2012-05-02 18:06:21 -04:00
Support cookie jar options for all cookie stores 2012-04-29 20:14:51 -04:00			`def set_cookie(env, session_id, cookie)`
			`request = ActionDispatch::Request.new(env)`
			`request.cookie_jar[key] = cookie`
			`end`
Switch to Rack based session stores. 2008-12-15 17:33:31 -05:00			`end`
			`end`
			`end`