Module: ActionController::SessionManagement::ClassMethods

Defined in:

lib/action_controller/session_management.rb

Instance Method Summary

• #cached_session_options ⇒ Object

  :nodoc:.

• #session(*args) ⇒ Object (also: #session=)

  Specify how sessions ought to be managed for a subset of the actions on the controller.

• #session_options ⇒ Object

  Returns the hash used to configure the session.

• #session_options_for(request, action) ⇒ Object

  :nodoc:.

• #session_store ⇒ Object

  Returns the session store class currently used.

• #session_store=(store) ⇒ Object

  Set the session store to be used for keeping the session data between requests.

Instance Method Details

#cached_session_options ⇒ Object

:nodoc:

# File 'lib/action_controller/session_management.rb', line 99

def cached_session_options #:nodoc:
  @session_options ||= read_inheritable_attribute(:session_options) || []
end

#session(*args) ⇒ Object Also known as: session=

Specify how sessions ought to be managed for a subset of the actions on the controller. Like filters, you can specify :only and :except clauses to restrict the subset, otherwise options apply to all actions on this controller.

The session options are inheritable, as well, so if you specify them in a parent controller, they apply to controllers that extend the parent.

Usage:

# turn off session management for all actions.
session :off

# turn off session management for all actions _except_ foo and bar.
session :off, :except => %w(foo bar)

# turn off session management for only the foo and bar actions.
session :off, :only => %w(foo bar)

# the session will only work over HTTPS, but only for the foo action
session :only => :foo, :session_secure => true

# the session by default uses HttpOnly sessions for security reasons.
# this can be switched off.
session :only => :foo, :session_http_only => false

# the session will only be disabled for 'foo', and only if it is
# requested as a web service
session :off, :only => :foo,
        :if => Proc.new { |req| req.parameters[:ws] }

# the session will be disabled for non html/ajax requests
session :off, 
  :if => Proc.new { |req| !(req.format.html? || req.format.js?) }

# turn the session back on, useful when it was turned off in the
# application controller, and you need it on in another controller
session :on

All session options described for ActionController::Base.process_cgi are valid arguments.

# File 'lib/action_controller/session_management.rb', line 82

def session(*args)
  options = args.extract_options!

  options[:disabled] = false if args.delete(:on)
  options[:disabled] = true if !args.empty?
  options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
  options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
  if options[:only] && options[:except]
    raise ArgumentError, "only one of either :only or :except are allowed"
  end

  write_inheritable_array(:session_options, [options])
end

#session_options ⇒ Object

Returns the hash used to configure the session. Example use:

ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS

# File 'lib/action_controller/session_management.rb', line 37

def session_options
  ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
end

#session_options_for(request, action) ⇒ Object

:nodoc:

# File 'lib/action_controller/session_management.rb', line 103

def session_options_for(request, action) #:nodoc:
  if (session_options = cached_session_options).empty?
    {}
  else
    options = {}

    action = action.to_s
    session_options.each do |opts|
      next if opts[:if] && !opts[:if].call(request)
      if opts[:only] && opts[:only].include?(action)
        options.merge!(opts)
      elsif opts[:except] && !opts[:except].include?(action)
        options.merge!(opts)
      elsif !opts[:only] && !opts[:except]
        options.merge!(opts)
      end
    end
    
    if options.empty? then options
    else
      options.delete :only
      options.delete :except
      options.delete :if
      options[:disabled] ? false : options
    end
  end
end

#session_store ⇒ Object

Returns the session store class currently used.

# File 'lib/action_controller/session_management.rb', line 30

def session_store
  ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager]
end

#session_store=(store) ⇒ Object

Set the session store to be used for keeping the session data between requests. By default, sessions are stored in browser cookies (:cookie_store), but you can also specify one of the other included stores (:active_record_store, :p_store, :drb_store, :mem_cache_store, or :memory_store) or your own custom class.

# File 'lib/action_controller/session_management.rb', line 24

def session_store=(store)
  ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] =
    store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store
end