Class: Rack::Session::Cookie

Inherits:
Abstract::PersistedSecure
Defined in:
lib/rack/session/cookie.rb

Overview

Rack::Session::Cookie provides simple cookie-based session management. By default, the session is a Ruby Hash stored in the cookie named by :key (default: rack.session) as base64-encoded Marshal data. The object that encodes the session data is configurable via :coder and must respond to encode and decode; both methods take a String and return a String.

When :secret is set, cookie data is integrity-checked with an HMAC (SHA1 by default) before it is trusted. The :old_secret is also accepted, which allows graceful secret rotation.

Example:

use Rack::Session::Cookie, :key => 'rack.session',
                           :domain => 'foo.com',
                           :path => '/',
                           :expire_after => 2592000,
                           :secret => 'change_me',
                           :old_secret => 'also_change_me'

All parameters are optional.

Example of a cookie with no encoding:

Rack::Session::Cookie.new(application, {
  :coder => Rack::Session::Cookie::Identity.new
})

Example of a cookie with custom encoding:

Rack::Session::Cookie.new(application, {
  :coder => Class.new {
    def encode(str); str.reverse; end
    def decode(str); str.reverse; end
  }.new
})
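The two points the overview makes, the encode/decode contract of a coder and the integrity check with secret rotation, as an added stand-alone example that is not Rack's own code. JsonBase64Coder and SignedCookieModel are hypothetical names; the coder here receives the session Hash and returns a String, and the cookie layout "<encoded>--<hex hmac>" is assumed for the model.

```ruby
require 'json'
require 'openssl'

# Hypothetical coder (not Rack's): serialises the session Hash as JSON
# rather than Marshal, so a forged cookie can at most yield plain data.
class JsonBase64Coder
  def encode(session)
    [JSON.generate(session)].pack('m0')   # strict base64, no newlines
  end

  def decode(str)
    JSON.parse(str.unpack1('m0'))         # strict base64 decode
  rescue ArgumentError, JSON::ParserError
    nil
  end
end

# Standalone model of the integrity check: cookie value is
# "<encoded>--<hex hmac>"; read accepts :secret and :old_secret.
class SignedCookieModel
  def initialize(coder, secret:, old_secret: nil, hmac: OpenSSL::Digest::SHA1)
    @coder = coder
    @secrets = [secret, old_secret].compact
    @hmac = hmac
  end

  def write(session)
    data = @coder.encode(session)
    "#{data}--#{generate_hmac(data, @secrets.first)}"
  end

  # Session Hash, or nil when the tag is missing or no secret verifies it;
  # the payload is only decoded after a successful check.
  def read(cookie)
    data, digest = cookie.split('--', 2)
    return nil unless data && digest
    ok = @secrets.any? { |s| secure_compare(generate_hmac(data, s), digest) }
    ok ? @coder.decode(data) : nil
  end

  def generate_hmac(data, secret)
    OpenSSL::HMAC.hexdigest(@hmac.new, secret, data)
  end

  # Constant-time comparison so a forger learns nothing from timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |d, (x, y)| d | (x ^ y) }.zero?
  end
end
```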

Defined Under Namespace

Classes: Base64, Identity, SessionId

Constant Summary

Constants inherited from Abstract::Persisted

Abstract::Persisted::DEFAULT_OPTIONS

Instance Attribute Summary

Attributes inherited from Abstract::Persisted

#default_options, #key, #sid_secure

Instance Method Summary

Methods inherited from Abstract::PersistedSecure

#generate_sid

Methods inherited from Abstract::Persisted

#call, #commit_session, #context

Constructor Details

#initialize(app, options = {}) ⇒ Cookie

Returns a new instance of Cookie.

# File 'lib/rack/session/cookie.rb', line 108

def initialize(app, options = {})
  @secrets = options.values_at(:secret, :old_secret).compact # both accepted when verifying, enabling rotation
  @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)

  warn <<-MSG unless secure?(options)
  SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
  This poses a security threat. It is strongly recommended that you
  provide a secret to prevent exploits that may be possible from crafted
  cookies. This will not be supported in future versions of Rack, and
  future versions will even invalidate your existing user cookies.

  Called from: #{caller[0]}.
  MSG
  @coder = options[:coder] ||= Base64::Marshal.new # Marshal-based coder unless :coder is given
  super(app, options.merge!(cookie_only: true))
end

Instance Attribute Details

#coder ⇒ Object (readonly)

Returns the value of attribute coder.

# File 'lib/rack/session/cookie.rb', line 106

def coder
  @coder
end