Rack::Session::Cookie

Rack::Session::Cookie provides simple cookie-based session management. By default, the session is a Ruby Hash stored as base64-encoded marshalled data in the cookie named by :key (default: rack.session). The object that encodes the session data is configurable and must respond to encode and decode. Both methods must take a string and return a string.

When the secret key is set, cookie data is checked for data integrity. The old secret key is also accepted and allows graceful secret rotation.

Example:

    use Rack::Session::Cookie, :key => 'rack.session',
                               :domain => 'foo.com',
                               :path => '/',
                               :expire_after => 2592000,
                               :secret => 'change_me',
                               :old_secret => 'also_change_me'

All parameters are optional.

Example of a cookie with no encoding:

  Rack::Session::Cookie.new(application, {
    :coder => Rack::Session::Cookie::Identity.new
  })

Example of a cookie with custom encoding:

  Rack::Session::Cookie.new(application, {
    :coder => Class.new {
      def encode(str); str.reverse; end
      def decode(str); str.reverse; end
    }.new
  })

Attributes

coder[R]

Public Class Methods

new(app, options={})

    # File lib/rack/session/cookie.rb, line 83
    def initialize(app, options={})
      @secrets = options.values_at(:secret, :old_secret).compact
      @coder  = options[:coder] ||= Base64::Marshal.new
      super(app, options.merge!(:cookie_only => true))
    end

Private Instance Methods

destroy_session(env, session_id, options)

    # File lib/rack/session/cookie.rb, line 150
    def destroy_session(env, session_id, options)
      # Nothing to do here, data is in the client
      generate_sid unless options[:drop]
    end

extract_session_id(env)

    # File lib/rack/session/cookie.rb, line 97
    def extract_session_id(env)
      unpacked_cookie_data(env)["session_id"]
    end

generate_hmac(data, secret)

    # File lib/rack/session/cookie.rb, line 155
    def generate_hmac(data, secret)
      OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, data)
    end

load_session(env)

    # File lib/rack/session/cookie.rb, line 91
    def load_session(env)
      data = unpacked_cookie_data(env)
      data = persistent_session_id!(data)
      [data["session_id"], data]
    end

persistent_session_id!(data, sid=nil)

    # File lib/rack/session/cookie.rb, line 122
    def persistent_session_id!(data, sid=nil)
      data ||= {}
      data["session_id"] ||= sid || generate_sid
      data
    end

set_session(env, session_id, session, options)

    # File lib/rack/session/cookie.rb, line 134
    def set_session(env, session_id, session, options)
      session = session.merge("session_id" => session_id)
      session_data = coder.encode(session)

      if @secrets.first
        session_data = "#{session_data}--#{generate_hmac(session_data, @secrets.first)}"
      end

      if session_data.size > (4096 - @key.size)
        env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K.")
        nil
      else
        session_data
      end
    end
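
The signed cookie format built by set_session and generate_hmac above, with the matching receive-side check, as an added example that is not Rack's own code. It shows secret rotation (current secret first, then the old one) and rejects a cookie before decoding it when no secret authenticates it. Assumptions: sign_session, verify_session and secure_compare are hypothetical helper names, strict Base64 of Marshal.dump stands in for the default coder, and refusing to decode when no secret is configured is this example's choice.

```ruby
require 'openssl'
require 'base64'

# Same construction as generate_hmac above: hex HMAC-SHA1 over the encoded data.
def generate_hmac(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, secret, data)
end

# Compare digests without returning early at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper mirroring set_session: "<encoded>--<hex digest>".
# Strict Base64 of Marshal.dump is an assumed stand-in for the default coder.
def sign_session(session, secret)
  data = Base64.strict_encode64(Marshal.dump(session))
  "#{data}--#{generate_hmac(data, secret)}"
end

# Hypothetical helper: returns the session Hash, or nil if no secret in
# `secrets` (current first, then old) authenticates the cookie.
# The digest is checked before Marshal.load ever sees the data.
def verify_session(cookie, secrets)
  data, sep, digest = cookie.to_s.rpartition('--')
  return nil if sep.empty? || secrets.empty?
  return nil unless secrets.any? { |s| secure_compare(digest, generate_hmac(data, s)) }
  Marshal.load(Base64.strict_decode64(data))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from any real deployment.
  current, old = 'constructed-current-secret', 'constructed-old-secret'
  issued_before_rotation = sign_session({ 'session_id' => 'abc123' }, old)
  p verify_session(issued_before_rotation, [current, old]) # accepted via old secret
  p verify_session(issued_before_rotation, [current])      # nil once old secret is retired
  body, _, digest = issued_before_rotation.rpartition('--')
  p verify_session("#{body.swapcase}--#{digest}", [current, old]) # nil: data altered
end
```
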

Generated with the Darkfish Rdoc Generator 1.1.6.