Class: Rack::Session::Cookie

Inherits:
Abstract::Persisted show all
Defined in:
lib/rack/session/cookie.rb

Overview

Rack::Session::Cookie provides simple cookie based session management. By default, the session is a Ruby Hash stored as base64 encoded marshalled data set to :key (default: rack.session). The object that encodes the session data is configurable and must respond to encode and decode. Both methods must take a string and return a string.

When the secret key is set, cookie data is checked for data integrity. The old secret key is also accepted and allows graceful secret rotation.

Example:

use Rack::Session::Cookie, :key => 'rack.session',
                           :domain => 'foo.com',
                           :path => '/',
                           :expire_after => 2592000,
                           :secret => 'change_me',
                           :old_secret => 'also_change_me'

All parameters are optional.

Example of a cookie with no encoding:

Rack::Session::Cookie.new(application, {
  :coder => Rack::Session::Cookie::Identity.new
})

Example of a cookie with custom encoding:

Rack::Session::Cookie.new(application, {
  :coder => Class.new {
    def encode(str); str.reverse; end
    def decode(str); str.reverse; end
  }.new
})

Defined Under Namespace

Classes: Base64, Identity

Constant Summary

Constants inherited from Abstract::Persisted

Abstract::Persisted::DEFAULT_OPTIONS

Instance Attribute Summary collapse

Attributes inherited from Abstract::Persisted

#default_options, #key, #sid_secure

Instance Method Summary collapse

Methods inherited from Abstract::Persisted

#call, #commit_session, #context

Constructor Details

#initialize(app, options = {}) ⇒ Cookie



106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# File 'lib/rack/session/cookie.rb', line 106

def initialize(app, options={})
  @secrets = options.values_at(:secret, :old_secret).compact
  @hmac = options.fetch(:hmac, OpenSSL::Digest::SHA1)

  warn "SECURITY WARNING: No secret option provided to Rack::Session::Cookie.\nThis poses a security threat. It is strongly recommended that you\nprovide a secret to prevent exploits that may be possible from crafted\ncookies. This will not be supported in future versions of Rack, and\nfuture versions will even invalidate your existing user cookies.\n\nCalled from: \#{caller[0]}.\n" unless secure?(options)
  @coder  = options[:coder] ||= Base64::Marshal.new
  super(app, options.merge!(:cookie_only => true))
end

Instance Attribute Details

#coderObject (readonly)

Returns the value of attribute coder



104
105
106
# File 'lib/rack/session/cookie.rb', line 104

def coder
  @coder
end