2007-02-21 04:17:38 -05:00
|
|
|
require 'action_controller/session/cookie_store'
|
2005-09-13 04:31:32 -04:00
|
|
|
require 'action_controller/session/drb_store'
|
|
|
|
require 'action_controller/session/mem_cache_store'
|
|
|
|
if Object.const_defined?(:ActiveRecord)
|
|
|
|
require 'action_controller/session/active_record_store'
|
|
|
|
end
|
|
|
|
|
2005-07-22 06:37:09 -04:00
|
|
|
module ActionController #:nodoc:
|
|
|
|
module SessionManagement #:nodoc:
|
2006-02-12 00:51:02 -05:00
|
|
|
def self.included(base)
|
2007-10-02 01:32:14 -04:00
|
|
|
base.class_eval do
|
|
|
|
extend ClassMethods
|
|
|
|
alias_method_chain :process, :session_management_support
|
|
|
|
alias_method_chain :process_cleanup, :session_management_support
|
|
|
|
end
|
2005-07-22 06:37:09 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
module ClassMethods
|
2007-11-22 00:48:45 -05:00
|
|
|
# Set the session store to be used for keeping the session data between requests. By default, sessions are stored
|
|
|
|
# in browser cookies (:cookie_store), but you can also specify one of the other included stores
|
|
|
|
# (:active_record_store, :p_store, drb_store, :mem_cache_store, or :memory_store) or your own custom class.
|
2005-09-13 03:48:12 -04:00
|
|
|
def session_store=(store)
|
2007-01-04 16:43:24 -05:00
|
|
|
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] =
|
|
|
|
store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store
|
2005-09-13 03:48:12 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Returns the session store class currently used.
|
|
|
|
def session_store
|
2007-01-04 16:43:24 -05:00
|
|
|
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager]
|
2005-09-13 03:48:12 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Returns the hash used to configure the session. Example use:
|
|
|
|
#
|
|
|
|
# ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS
|
|
|
|
def session_options
|
|
|
|
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
|
|
|
|
end
|
|
|
|
|
2005-07-22 06:37:09 -04:00
|
|
|
# Specify how sessions ought to be managed for a subset of the actions on
|
|
|
|
# the controller. Like filters, you can specify <tt>:only</tt> and
|
|
|
|
# <tt>:except</tt> clauses to restrict the subset, otherwise options
|
|
|
|
# apply to all actions on this controller.
|
|
|
|
#
|
|
|
|
# The session options are inheritable, as well, so if you specify them in
|
|
|
|
# a parent controller, they apply to controllers that extend the parent.
|
|
|
|
#
|
|
|
|
# Usage:
|
|
|
|
#
|
|
|
|
# # turn off session management for all actions.
|
|
|
|
# session :off
|
|
|
|
#
|
|
|
|
# # turn off session management for all actions _except_ foo and bar.
|
|
|
|
# session :off, :except => %w(foo bar)
|
|
|
|
#
|
|
|
|
# # turn off session management for only the foo and bar actions.
|
|
|
|
# session :off, :only => %w(foo bar)
|
|
|
|
#
|
|
|
|
# # the session will only work over HTTPS, but only for the foo action
|
|
|
|
# session :only => :foo, :session_secure => true
|
|
|
|
#
|
2005-08-17 17:05:31 -04:00
|
|
|
# # the session will only be disabled for 'foo', and only if it is
|
|
|
|
# # requested as a web service
|
|
|
|
# session :off, :only => :foo,
|
|
|
|
# :if => Proc.new { |req| req.parameters[:ws] }
|
|
|
|
#
|
2007-02-15 11:25:46 -05:00
|
|
|
# # the session will be disabled for non html/ajax requests
|
|
|
|
# session :off,
|
|
|
|
# :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
|
|
|
|
#
|
2005-07-22 06:37:09 -04:00
|
|
|
# All session options described for ActionController::Base.process_cgi
|
|
|
|
# are valid arguments.
|
|
|
|
def session(*args)
|
2007-08-28 19:16:49 -04:00
|
|
|
options = args.extract_options!
|
2005-07-22 06:37:09 -04:00
|
|
|
|
|
|
|
options[:disabled] = true if !args.empty?
|
|
|
|
options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
|
|
|
|
options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
|
|
|
|
if options[:only] && options[:except]
|
|
|
|
raise ArgumentError, "only one of either :only or :except are allowed"
|
|
|
|
end
|
|
|
|
|
|
|
|
write_inheritable_array("session_options", [options])
|
|
|
|
end
|
|
|
|
|
2007-02-21 19:57:02 -05:00
|
|
|
# So we can declare session options in the Rails initializer.
|
|
|
|
alias_method :session=, :session
|
|
|
|
|
2005-10-16 11:42:03 -04:00
|
|
|
def cached_session_options #:nodoc:
|
2005-10-10 21:53:31 -04:00
|
|
|
@session_options ||= read_inheritable_attribute("session_options") || []
|
|
|
|
end
|
|
|
|
|
2005-08-17 17:05:31 -04:00
|
|
|
def session_options_for(request, action) #:nodoc:
|
2005-10-10 21:53:31 -04:00
|
|
|
if (session_options = cached_session_options).empty?
|
|
|
|
{}
|
|
|
|
else
|
|
|
|
options = {}
|
2005-07-22 06:37:09 -04:00
|
|
|
|
2005-10-10 21:53:31 -04:00
|
|
|
action = action.to_s
|
|
|
|
session_options.each do |opts|
|
|
|
|
next if opts[:if] && !opts[:if].call(request)
|
|
|
|
if opts[:only] && opts[:only].include?(action)
|
|
|
|
options.merge!(opts)
|
|
|
|
elsif opts[:except] && !opts[:except].include?(action)
|
|
|
|
options.merge!(opts)
|
|
|
|
elsif !opts[:only] && !opts[:except]
|
|
|
|
options.merge!(opts)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
if options.empty? then options
|
|
|
|
else
|
|
|
|
options.delete :only
|
|
|
|
options.delete :except
|
|
|
|
options.delete :if
|
|
|
|
options[:disabled] ? false : options
|
2005-07-22 06:37:09 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def process_with_session_management_support(request, response, method = :perform_action, *arguments) #:nodoc:
|
2006-02-12 00:51:02 -05:00
|
|
|
set_session_options(request)
|
2005-07-22 06:37:09 -04:00
|
|
|
process_without_session_management_support(request, response, method, *arguments)
|
|
|
|
end
|
2005-11-22 19:35:37 -05:00
|
|
|
|
2005-09-13 04:31:32 -04:00
|
|
|
private
|
2006-02-12 00:51:02 -05:00
|
|
|
def set_session_options(request)
|
|
|
|
request.session_options = self.class.session_options_for(request, request.parameters["action"] || "index")
|
|
|
|
end
|
|
|
|
|
|
|
|
def process_cleanup_with_session_management_support
|
|
|
|
clear_persistent_model_associations
|
2006-11-13 13:59:01 -05:00
|
|
|
process_cleanup_without_session_management_support
|
2006-02-12 00:51:02 -05:00
|
|
|
end
|
|
|
|
|
2005-11-22 19:35:37 -05:00
|
|
|
# Clear cached associations in session data so they don't overflow
|
|
|
|
# the database field. Only applies to ActiveRecordStore since there
|
|
|
|
# is not a standard way to iterate over session data.
|
|
|
|
def clear_persistent_model_associations #:doc:
|
2006-11-13 13:59:01 -05:00
|
|
|
if defined?(@_session) && @_session.respond_to?(:data)
|
|
|
|
session_data = @_session.data
|
2006-02-12 00:51:02 -05:00
|
|
|
|
|
|
|
if session_data && session_data.respond_to?(:each_value)
|
2005-11-22 19:35:37 -05:00
|
|
|
session_data.each_value do |obj|
|
2006-02-12 00:51:02 -05:00
|
|
|
obj.clear_association_cache if obj.respond_to?(:clear_association_cache)
|
2005-11-22 19:35:37 -05:00
|
|
|
end
|
|
|
|
end
|
2005-10-10 21:53:31 -04:00
|
|
|
end
|
2005-09-13 04:31:32 -04:00
|
|
|
end
|
2005-07-22 06:37:09 -04:00
|
|
|
end
|
|
|
|
end
|