Mostly ported from Ramaze, but behaves lazy, no session will be created if no session is used.
We keep session data in memory until # is called, at which point it will be persisted completely into the cache, no question asked.
You may store anything in here that you may also store in the corresponding store, usually it’s best to keep it to things that are safe to Marshal.
The Session instance is compatible with the specification of rack.session.
Since the Time class is used to create the cookie expiration timestamp, you will have to keep the ttl in a reasonable range. The maximum value that Time can store on a 32bit system is:
Time.at(2147483647) # => Tue Jan 19 12:14:07 +0900 2038
The default expiration time for cookies and the session cache was reduced to a default of 30 days. This was done to be compatible with the maximum ttl of MemCache. You may increase this value if you do not use MemCache to persist your sessions.
# File lib/innate/session.rb, line 71 71: def clear 72: cache.delete(sid) 73: @cache_sid = nil 74: end
# File lib/innate/session.rb, line 67 67: def delete(key) 68: cache_sid.delete(key) 69: end
# File lib/innate/session.rb, line 62 62: def fetch(key, value = nil) 63: cache_sid[key] 64: end
Additional interface
# File lib/innate/session.rb, line 78 78: def flush(response = @response) 79: return if !@cache_sid or @cache_sid.empty? 80: 81: flash.rotate! 82: cache.store(sid, cache_sid, :ttl => options.ttl) 83: set_cookie(response) 84: end
# File lib/innate/session.rb, line 90 90: def resid! 91: cache_sid 92: cache.delete(sid) 93: @sid = generate_sid 94: @force_new_cookie = true 95: end
# File lib/innate/session.rb, line 86 86: def sid 87: @sid ||= cookie || generate_sid 88: end
Rack interface
# File lib/innate/session.rb, line 57 57: def store(key, value) 58: cache_sid[key] = value 59: end
# File lib/innate/session.rb, line 107 107: def cache 108: Innate::Cache.session 109: end
# File lib/innate/session.rb, line 99 99: def cache_sid 100: @cache_sid ||= cache[sid] || {} 101: end
# File lib/innate/session.rb, line 131 131: def generate_sid 132: begin sid = sid_algorithm end while cache[sid] 133: sid 134: end
Using SecureRandom, optional length. SecureRandom is available since Ruby 1.8.7. For Ruby versions earlier than that, you can require the uuidtools gem, which has a drop-in replacement for SecureRandom.
# File lib/innate/session.rb, line 143 143: def sid_algorithm; SecureRandom.hex(options.sid_length); end
Digest::SHA2::hexdigest produces a string of length 64, although collisions are not very likely, the entropy is still very low and length is not optional.
Replacing it with OS-provided random data would take a lot of code and won’t be as cross-platform as Ruby.
# File lib/innate/session.rb, line 164 164: def sid_algorithm 165: entropy = [ srand, rand, Time.now.to_f, rand, $$, rand, object_id ] 166: Digest::SHA2.hexdigest(entropy.join) 167: end
Using OpenSSL::Random for generation, this is comparable in performance with stdlib SecureRandom and also allows for optional length, it should have the same behaviour as the SecureRandom::hex method of the uuidtools gem.
# File lib/innate/session.rb, line 151 151: def sid_algorithm 152: OpenSSL::Random.random_bytes(options.sid_length / 2).unpack('H*')[0] 153: end
Disabled; run with --debug to generate this.
Generated with the Darkfish Rdoc Generator 1.1.6.