Parent

Namespace

Included Modules

Innate::Session

Mostly ported from Ramaze, but behaves lazy, no session will be created if no session is used.

We keep session data in memory until # is called, at which point it will be persisted completely into the cache, no question asked.

You may store anything in here that you may also store in the corresponding store, usually it’s best to keep it to things that are safe to Marshal.

The Session instance is compatible with the specification of rack.session.

Since the Time class is used to create the cookie expiration timestamp, you will have to keep the ttl in a reasonable range. The maximum value that Time can store on a 32bit system is:

  Time.at(2147483647) # => Tue Jan 19 12:14:07 +0900 2038

The default expiration time for cookies and the session cache was reduced to a default of 30 days. This was done to be compatible with the maximum ttl of MemCache. You may increase this value if you do not use MemCache to persist your sessions.

Attributes

request[R]
response[R]
flash[R]

Public Class Methods

new(request, response) click to toggle source
    # File lib/innate/session.rb, line 47
47:     def initialize(request, response)
48:       @request, @response = request, response
49:       @cookie_set = false
50:       @force_new_cookie = false
51:       @cache_sid = nil
52:       @flash = Flash.new(self)
53:     end

Public Instance Methods

[](key, value = nil) click to toggle source
Alias for: fetch
[]=(key, value) click to toggle source
Alias for: store
clear() click to toggle source
    # File lib/innate/session.rb, line 71
71:     def clear
72:       cache.delete(sid)
73:       @cache_sid = nil
74:     end
delete(key) click to toggle source
    # File lib/innate/session.rb, line 67
67:     def delete(key)
68:       cache_sid.delete(key)
69:     end
fetch(key, value = nil) click to toggle source
    # File lib/innate/session.rb, line 62
62:     def fetch(key, value = nil)
63:       cache_sid[key]
64:     end
Also aliased as: []
flush(response = @response) click to toggle source

Additional interface

    # File lib/innate/session.rb, line 78
78:     def flush(response = @response)
79:       return if !@cache_sid or @cache_sid.empty?
80: 
81:       flash.rotate!
82:       cache.store(sid, cache_sid, :ttl => options.ttl)
83:       set_cookie(response)
84:     end
resid!() click to toggle source
    # File lib/innate/session.rb, line 90
90:     def resid!
91:       cache_sid
92:       cache.delete(sid)
93:       @sid = generate_sid
94:       @force_new_cookie = true
95:     end
sid() click to toggle source
    # File lib/innate/session.rb, line 86
86:     def sid
87:       @sid ||= cookie || generate_sid
88:     end
store(key, value) click to toggle source

Rack interface

    # File lib/innate/session.rb, line 57
57:     def store(key, value)
58:       cache_sid[key] = value
59:     end
Also aliased as: []=

Private Instance Methods

cache() click to toggle source
     # File lib/innate/session.rb, line 107
107:     def cache
108:       Innate::Cache.session
109:     end
cache_sid() click to toggle source
     # File lib/innate/session.rb, line 99
 99:     def cache_sid
100:       @cache_sid ||= cache[sid] || {}
101:     end
generate_sid() click to toggle source
     # File lib/innate/session.rb, line 131
131:     def generate_sid
132:       begin sid = sid_algorithm end while cache[sid]
133:       sid
134:     end
sid_algorithm() click to toggle source

Using SecureRandom, optional length. SecureRandom is available since Ruby 1.8.7. For Ruby versions earlier than that, you can require the uuidtools gem, which has a drop-in replacement for SecureRandom.

     # File lib/innate/session.rb, line 143
143:       def sid_algorithm; SecureRandom.hex(options.sid_length); end
sid_algorithm() click to toggle source

Digest::SHA2::hexdigest produces a string of length 64, although collisions are not very likely, the entropy is still very low and length is not optional.

Replacing it with OS-provided random data would take a lot of code and won’t be as cross-platform as Ruby.

     # File lib/innate/session.rb, line 164
164:       def sid_algorithm
165:         entropy = [ srand, rand, Time.now.to_f, rand, $$, rand, object_id ]
166:         Digest::SHA2.hexdigest(entropy.join)
167:       end
sid_algorithm() click to toggle source

Using OpenSSL::Random for generation, this is comparable in performance with stdlib SecureRandom and also allows for optional length, it should have the same behaviour as the SecureRandom::hex method of the uuidtools gem.

     # File lib/innate/session.rb, line 151
151:       def sid_algorithm
152:         OpenSSL::Random.random_bytes(options.sid_length / 2).unpack('H*')[0]
153:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.