Add session_store setting

Jordan Owens 2016-08-04 10:05:02 -04:00
parent 1340606639
commit db0f8d5c78
3 changed files with 44 additions and 22 deletions

@ -75,6 +75,7 @@ pick up if available.
* [Filters](#filters) * [Filters](#filters)
* [Helpers](#helpers) * [Helpers](#helpers)
* [Using Sessions](#using-sessions) * [Using Sessions](#using-sessions)
* [Choosing Your Own Session Middleware](#choosing-your-own-session-middleware)
* [Halting](#halting) * [Halting](#halting)
* [Passing](#passing) * [Passing](#passing)
* [Triggering Another Route](#triggering-another-route) * [Triggering Another Route](#triggering-another-route)
@ -1377,25 +1378,6 @@ get '/:value' do
end end
``` ```
Note that `enable :sessions` actually stores all data in a cookie. This
might not always be what you want (storing lots of data will increase your
traffic, for instance). You can use any Rack session middleware: in order to
do so, do **not** call `enable :sessions`, but instead call `set
:sessions` with your middleware of choice passed in as the value for
`:session_store` along with any other options:
```ruby
set :sessions, :session_store => Rack::Session::Pool, :expire_after => 2592000
get '/' do
"value = " << session[:value].inspect
end
get '/:value' do
session['value'] = params['value']
end
```
To improve security, the session data in the cookie is signed with a session To improve security, the session data in the cookie is signed with a session
secret. A random secret is generated for you by Sinatra. However, since this secret. A random secret is generated for you by Sinatra. However, since this
secret will change with every start of your application, you might want to secret will change with every start of your application, you might want to
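Review bot: dropping this paragraph removes the only mention of the `set :sessions, :session_store => ...` form without telling existing users what replaces it; add a one-line migration note in the new section ("the `:session_store` key in the `set :sessions` hash is no longer honoured, use `set :session_store` instead") so apps that followed the old README do not silently fall back to the cookie store.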
@ -1419,6 +1401,40 @@ domain with a *.* like this instead:
set :sessions, :domain => '.foo.com' set :sessions, :domain => '.foo.com'
``` ```
#### Choosing Your Own Session Middleware
Note that `enable :sessions` actually stores all data in a cookie. This
might not always be what you want (storing lots of data will increase your
traffic, for instance). You can use any Rack session middleware: in order to
do so, one of the following methods can be used:
```ruby
enable :sessions
set :session_store, Rack::Session::Pool
```
Or to enable sessions with a hash of options:
```ruby
set :sessions, :expire_after => 2592000
set :session_store, Rack::Session::Pool
```
Another option is to **not** call `enable :sessions`, but instead pull in your
middleware of choice as you would any other middleware:
```ruby
use Rack::Session::Pool, :expire_after => 2592000
```
It is important to note that when using this method, session based protection (see 'Configuring attack protection') will not be enabled by default. The Rack middleware to do that will also need to be added:
```ruby
use Rack::Session::Pool, :expire_after => 2592000
use Rack::Protection::RemoteToken
use Rack::Protection::SessionHijacking
```
### Halting ### Halting
To immediately stop a request within a filter or route use: To immediately stop a request within a filter or route use:
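Review bot: the third variant (`use Rack::Session::Pool, :expire_after => 2592000`) bypasses Sinatra's session setup entirely, so the sentence a few lines above ("the session data in the cookie is signed with a session secret ... generated for you by Sinatra") no longer applies to it; say explicitly that `session_secret` is only passed to stores configured via `set :session_store`, and that with a hand-mounted middleware the reader is responsible for both the secret and the protection middlewares listed (`use Rack::Protection::RemoteToken`, `use Rack::Protection::SessionHijacking`).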
@ -2099,7 +2115,7 @@ set :protection, :except => [:path_traversal, :session_hijacking]
``` ```
By default, Sinatra will only set up session based protection if `:sessions` By default, Sinatra will only set up session based protection if `:sessions`
has been enabled. have been enabled. See 'Using Sessions'.
### Available Settings ### Available Settings
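Review bot: "have been enabled" is a grammar regression here; the subject is the single setting `:sessions`, so the original "has been enabled" should stay, with only the cross-reference appended: "has been enabled. See 'Using Sessions'."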
@ -2230,6 +2246,9 @@ has been enabled.
See 'Using Sessions' section for more information. See 'Using Sessions' section for more information.
</dd> </dd>
<dt>session_store</dt>
<dd>The Rack session middleware used. Defaults to <tt>Rack::Session::Cookie</tt>. See 'Using Sessions' section for more information.</dd>
<dt>show_exceptions</dt> <dt>show_exceptions</dt>
<dd> <dd>
Show a stack trace in the browser when an exception happens. Enabled by Show a stack trace in the browser when an exception happens. Enabled by

@ -1709,7 +1709,6 @@ module Sinatra
options = {} options = {}
options[:secret] = session_secret if session_secret? options[:secret] = session_secret if session_secret?
options.merge! sessions.to_hash if sessions.respond_to? :to_hash options.merge! sessions.to_hash if sessions.respond_to? :to_hash
session_store = options.delete(:session_store) { Rack::Session::Cookie }
builder.use session_store, options builder.use session_store, options
end end
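Review bot: removing `session_store = options.delete(:session_store) { Rack::Session::Cookie }` silently breaks the previously documented `set :sessions, :session_store => X` form: `options.merge! sessions.to_hash` still copies that key into `options`, so the app now gets `Rack::Session::Cookie` with an unrecognised `:session_store` option passed through to it instead of the store it asked for. Either keep reading the key as a fallback, e.g. `store = options.delete(:session_store) { session_store }` before `builder.use store, options`, or at least delete the key and emit a deprecation warning so the regression is visible.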
@ -1782,6 +1781,7 @@ module Sinatra
set :dump_errors, Proc.new { !test? } set :dump_errors, Proc.new { !test? }
set :show_exceptions, Proc.new { development? } set :show_exceptions, Proc.new { development? }
set :sessions, false set :sessions, false
set :session_store, Rack::Session::Cookie
set :logging, false set :logging, false
set :protection, true set :protection, true
set :method_override, false set :method_override, false

@ -567,7 +567,10 @@ class SettingsTest < Minitest::Test
it 'sets up RemoteToken if sessions are enabled with a custom session store' do it 'sets up RemoteToken if sessions are enabled with a custom session store' do
MiddlewareTracker.track do MiddlewareTracker.track do
Sinatra.new { set :sessions, :session_store => Rack::Session::Pool }.new Sinatra.new {
enable :sessions
set :session_store, Rack::Session::Pool
}.new
assert_include MiddlewareTracker.used, Rack::Session::Pool assert_include MiddlewareTracker.used, Rack::Session::Pool
assert_include MiddlewareTracker.used, Rack::Protection::RemoteToken assert_include MiddlewareTracker.used, Rack::Protection::RemoteToken
end end
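Review bot: rewriting this test to the new `enable :sessions` / `set :session_store` form leaves the old `set :sessions, :session_store => Rack::Session::Pool` path untested, so nothing asserts what now happens to apps that still use it (see the `options.merge!` change in base.rb). Add a case for that form (asserting either the intended fallback or a deprecation), and one for the second README variant, `set :sessions, :expire_after => 2592000` combined with `set :session_store, Rack::Session::Pool`, checking that `Rack::Session::Pool` and `Rack::Protection::RemoteToken` are both used.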