Class: Monorail::SessionManager

Inherits:

Object

• Object
• Monorail::SessionManager

Includes:

Singleton

Defined in:

lib/monorail/monorail_webd.rb

Overview

class SessionManager Generate sessions and session keys. This singleton class is used to support Monorail requests. We get our session keys from a system entropy machine. This version REQUIRES uuidgen and throws a fatal error if it’s not present.

Defined Under Namespace

Classes: TooManySessions

Constant Summary

SessionTimeout =

TODO, make the session timeout (currently hardcoded to 10 minutes) configurable.

600

AuthorizationTimeout =

Authorization timeout is an interval after which we must re-authorize against an authoritative source. It’s to make sure we cut the user off in case his access rights should expire or be revoked during a session.

120

MaxSessions =

MaxSessions is the top number of sessions we permit at a time. May need to become configurable

100

Instance Method Summary

• #create_session ⇒ Object

  create_session This is as a good a place as any to purge expired sessions.

• #generate_key ⇒ Object

  generate_key.

• #get_key_seed ⇒ Object

  get_key_seed This method uses uuidgen, which must be present on the system.

• #initialize ⇒ SessionManager constructor

  initialize.

• #purge_expired_sessions ⇒ Object

  purge_expired_sessions.

• #retrieve_or_create_session(session_name) ⇒ Object

  retrieve_or_create_session.

Constructor Details

#initialize ⇒ SessionManager

initialize

# File 'lib/monorail/monorail_webd.rb', line 89

def initialize
  # generate one key and throw it away. That way if there is a problem
  # with the entropy generator, it'll generate an exception at the top
  # of the run.
  generate_key
  @sessions = {}
end

Instance Method Details

#create_session ⇒ Object

create_session This is as a good a place as any to purge expired sessions. We also throttle the total number of sessions open at any given time.

# File 'lib/monorail/monorail_webd.rb', line 145

def create_session
  purge_expired_sessions

  unless @sessions.size < MaxSessions
    raise TooManySessions
  end

  sc = Session.new
  @sessions [sc.session_name.dup] = sc
  sc
end

#generate_key ⇒ Object

generate_key

# File 'lib/monorail/monorail_webd.rb', line 110

def generate_key
  if !@key_suffix or @key_suffix > 1000000
    @key_seed = get_key_seed
    raise "Invalid session-key seed" unless @key_seed.length > 8
    @key_suffix = 0
  end
  @key_suffix += 1
  format( "%s%08x", @key_seed, @key_suffix )
end

#get_key_seed ⇒ Object

get_key_seed This method uses uuidgen, which must be present on the system. Override here to use some other mechanism.

# File 'lib/monorail/monorail_webd.rb', line 103

def get_key_seed
  `uuidgen -r`.chomp.gsub(/[\-]/, "")
end

#purge_expired_sessions ⇒ Object

purge_expired_sessions

# File 'lib/monorail/monorail_webd.rb', line 161

def purge_expired_sessions
  @sessions.delete_if {|k,v|
    v.is_expired?
  }
end

#retrieve_or_create_session(session_name) ⇒ Object

retrieve_or_create_session

# File 'lib/monorail/monorail_webd.rb', line 123

def retrieve_or_create_session session_name
  sc = @sessions[session_name]

  if sc
    if sc.is_expired?
      @sessions.delete sc.session_name
      sc = nil
    else
      sc.touch
    end
  end

  sc or create_session

end