Class: Rack::Session::Cookie
- Inherits:
  Abstract::PersistedSecure
  - Object
  - Abstract::Persisted
  - Abstract::PersistedSecure
  - Rack::Session::Cookie
- Defined in:
  lib/rack/session/cookie.rb
Overview
Rack::Session::Cookie provides simple cookie based session management. By default, the session is a Ruby Hash stored as base64 encoded marshalled data set to :key (default: rack.session). The object that encodes the session data is configurable and must respond to encode and decode. Both methods must take a string and return a string.
When the secret key is set, cookie data is checked for data integrity. The old secret key is also accepted and allows graceful secret rotation.
Example:
    use Rack::Session::Cookie, :key => 'rack.session',
                               :domain => 'foo.com',
                               :path => '/',
                               :expire_after => 2592000,
                               :secret => 'change_me',
                               :old_secret => 'also_change_me'
All parameters are optional.
Example of a cookie with no encoding:
    Rack::Session::Cookie.new(application, {
      :coder => Rack::Session::Cookie::Identity.new
    })
Example of a cookie with custom encoding:
    Rack::Session::Cookie.new(application, {
      :coder => Class.new {
        def encode(str); str.reverse; end
        def decode(str); str.reverse; end
      }.new
    })
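The integrity check and secret rotation described in the overview can be modelled as follows. This is an added example, not Rack's own code: the class name, the `--` separator between data and digest, and the sample secrets are assumptions made for illustration.

```ruby
require 'openssl'

# Illustrative model, not Rack's code. The "--" separator and all names are assumptions.
class SignedCookieModel
  def initialize(secret:, old_secret: nil, hmac: OpenSSL::Digest::SHA1)
    @secrets = [secret, old_secret].compact # current secret first, then the old one
    @hmac = hmac
  end

  # Serialize the session hash and append an HMAC computed with the current secret.
  def write(session)
    data = [Marshal.dump(session)].pack('m0') # strict base64, no line breaks
    "#{data}--#{digest(data, @secrets.first)}"
  end

  # Return the session hash, or nil when no configured secret authenticates the data.
  # Marshal.load is reached only after the HMAC check has passed.
  def read(cookie)
    data, _sep, mac = cookie.to_s.rpartition('--')
    return nil if data.empty? || mac.empty?
    return nil unless @secrets.any? { |s| secure_equal?(digest(data, s), mac) }
    Marshal.load(data.unpack1('m0'))
  end

  private

  def digest(data, secret)
    OpenSSL::HMAC.hexdigest(@hmac.new, secret, data)
  end

  # Compare without returning early, so timing does not reveal the matching prefix.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo values, not real secrets.
before = SignedCookieModel.new(secret: 'constructed-old-secret')
after  = SignedCookieModel.new(secret: 'constructed-new-secret',
                               old_secret: 'constructed-old-secret')
cookie = before.write({ 'user_id' => 42 })
p after.read(cookie)                  # cookie signed before the rotation
p after.read(cookie.sub('--', 'x--')) # payload modified after signing
```

New cookies are always signed with the current secret, so the old secret can be dropped once cookies issued before the rotation have expired.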
Defined Under Namespace
Classes: Base64, Identity, SessionId
Constant Summary
Constants inherited from Abstract::Persisted
Abstract::Persisted::DEFAULT_OPTIONS
Instance Attribute Summary
- #coder ⇒ Object (readonly)
  Returns the value of attribute coder.
Attributes inherited from Abstract::Persisted
#default_options, #key, #sid_secure
Instance Method Summary
- #initialize(app, options = {}) ⇒ Cookie (constructor)
  A new instance of Cookie.
Methods inherited from Abstract::PersistedSecure
Methods inherited from Abstract::Persisted
#call, #commit_session, #context
Constructor Details
#initialize(app, options = {}) ⇒ Cookie
Returns a new instance of Cookie.
    # File 'lib/rack/session/cookie.rb', line 108
    def initialize(app, options = {})
      # Current and old secret, in that order; nil entries are dropped.
      @secrets = options.values_at(:secret, :old_secret).compact
      @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)
      warn "SECURITY WARNING: No secret option provided to Rack::Session::Cookie.\n" \
           "This poses a security threat. It is strongly recommended that you\n" \
           "provide a secret to prevent exploits that may be possible from crafted\n" \
           "cookies. This will not be supported in future versions of Rack, and\n" \
           "future versions will even invalidate your existing user cookies.\n\n" \
           "Called from: \#{caller[0]}.\n" unless secure?(options)
      @coder = options[:coder] ||= Base64::Marshal.new
      super(app, options.merge!(cookie_only: true))
    end
Instance Attribute Details
#coder ⇒ Object (readonly)
Returns the value of attribute coder.
    # File 'lib/rack/session/cookie.rb', line 106
    def coder
      @coder
    end