Class: WebSvr::Session

Inherits:
Object
  • Object
Defined in:
lib/web_svr/session.rb

Constant Summary collapse

SESSION_CONTAINER =
'session'.freeze
SESSION_ID_NAME =
'session_id'.freeze

Instance Method Summary collapse

Constructor Details

#initialize(engine, server_obj) ⇒ Session

Set up the web server.



# File 'lib/web_svr/session.rb', line 27

# Create the session helper bound to an engine and a server object.
#
# @session_id is not assigned here, so it reads as nil until a request
# cookie supplies one or init_session_id generates one.
#
# @param engine [Object] engine whose +log+ is kept for logging
# @param server_obj [Object] server object that provides the session settings
def initialize(engine, server_obj)
  @engine, @server_obj = engine, server_obj
  @log = engine.log

  # One-shot flags, both cleared until a caller asks for a session cookie
  # (add_session_to_response) or a session reset (clear_session_data).
  @include_in_response = false
  @clearing_session = false
end

Instance Method Details

#add_session_for_response(headers) ⇒ Object

If there is session data, encrypt and add it to the response. Once done, clear out the session data.



# File 'lib/web_svr/session.rb', line 119

# Attach the encrypted session cookie to the response headers.
#
# Runs only when the server has sessions enabled and the one-shot
# @include_in_response flag is set; otherwise the headers come back untouched.
#
# Cookie attributes set here: +http_only+ is always true, +secure+ is added
# only when secure_cookie? is truthy, and no +same_site+ option is passed.
# NOTE(review): consider whether a SameSite policy and an always-on Secure
# flag are wanted for deployments served over HTTPS.
#
# @param headers [Hash] response headers handed to Rack::Utils.set_cookie_header!
# @return [Hash] the headers object that was passed in
def add_session_for_response(headers)
  return headers unless @server_obj.use_session? && @include_in_response

  # Consume the flag so the cookie is not re-sent on the following response.
  @include_in_response = false

  # NOTE(review): the object returned by get_session_data is modified in
  # place below; confirm the server object hands out a copy if that matters.
  payload = @server_obj.get_session_data
  payload[SESSION_ID_NAME] = get_session_id

  # NOTE(review): if payload is a Hash, the assignment above always leaves at
  # least one key, so this emptiness guard never skips the cookie, even when
  # the session id is nil after clear_session_data.
  unless payload.empty?
    cookie = {
      value: encrypt_encode(payload),
      path: cookie_path,
      expires: cookie_expires,
      http_only: true
    }
    cookie[:secure] = true if secure_cookie?

    Rack::Utils.set_cookie_header!(headers, session_name, cookie)
  end

  headers
end

#add_session_to_response ⇒ Object

Temporarily set the flag to add the session data to the response. Once this is done, the flag will be cleared and it will not be added to the next request unless specifically set.



# File 'lib/web_svr/session.rb', line 81

# Ask for the session cookie to be written on the next response.
#
# The flag is one-shot: add_session_for_response resets it when it runs with
# sessions enabled, so each response that should carry the cookie must
# request it again.
#
# @return [Boolean] true
def add_session_to_response
  @include_in_response = true
end

#clear_session_data ⇒ Object

Clear out the session Id. Set the flag to add the session data to the response.



# File 'lib/web_svr/session.rb', line 109

# Drop the current session id and schedule a cookie rewrite.
#
# @clearing_session makes the next get_session_id call return nil instead of
# generating a fresh id, so the cookie written on this response carries no
# session id.
#
# @return [Boolean] the result of add_session_to_response (true)
def clear_session_data
  @clearing_session = true
  @session_id = nil
  add_session_to_response
end

Get the expiration time for the session cookie.



# File 'lib/web_svr/session.rb', line 201

# Expiration value for the session cookie, read from the server object.
#
# @return [Object] whatever the server's +session_cookie_expires+ returns;
#   it is passed as the cookie's +expires+ option
def cookie_expires
  @server_obj.session_cookie_expires
end

Get the path for the session cookie.



# File 'lib/web_svr/session.rb', line 194

# Path attribute for the session cookie, read from the server object.
#
# @return [Object] whatever the server's +session_cookie_path+ returns;
#   it is passed as the cookie's +path+ option
def cookie_path
  @server_obj.session_cookie_path
end

#decode_decrypt(data) ⇒ Object

Decode and decrypt the session data.



# File 'lib/web_svr/session.rb', line 163

# Decrypt a session cookie value and parse it as JSON.
#
# Returns nil without attempting decryption when the cookie value, the key or
# the IV is missing. Errors from the cipher or from JSON.parse are not caught
# here and reach the caller.
#
# NOTE(review): whether Gloo::Objs::Cipher.decrypt verifies integrity (a MAC
# or an AEAD mode) is not visible here. If it does not, a modified cookie is
# only rejected when the result fails to parse as JSON; confirm.
#
# @param data [String, nil] encrypted cookie value
# @return [Object, nil] the parsed JSON document, or nil when inputs are missing
def decode_decrypt(data)
  return unless data && key && iv

  plaintext = Gloo::Objs::Cipher.decrypt(data, key, iv)
  JSON.parse(plaintext)
end

#encrypt_encode(data) ⇒ Object

Encrypt and encode the session data.



# File 'lib/web_svr/session.rb', line 156

# Serialize the session data to JSON and encrypt it for the cookie value.
#
# NOTE(review): unlike decode_decrypt, there is no guard for a missing key or
# IV; a nil value is handed straight to Gloo::Objs::Cipher.encrypt. Confirm
# that the cipher rejects it rather than encrypting with a weak default.
#
# @param data [#to_json] session data, including the session id
# @return [Object] whatever Gloo::Objs::Cipher.encrypt returns
def encrypt_encode(data)
  json = data.to_json
  Gloo::Objs::Cipher.encrypt(json, key, iv)
end

#get_session_id ⇒ Object

Initialize the session id and add it to the data. Use the current session ID if it is there.



# File 'lib/web_svr/session.rb', line 94

# Return the session id to store in the cookie, creating one when needed.
#
# While a clear is pending (see clear_session_data) the pending flag is
# consumed and nil is returned, so no new id is generated for that response.
# Otherwise the existing id is reused, or init_session_id creates one when
# the current value is blank (+blank?+ is not core Ruby; presumably supplied
# by ActiveSupport or the project).
#
# @return [Object, nil] the session id, or nil when the session is being cleared
def get_session_id
  if @clearing_session
    # One-shot: the next call goes back to normal id handling.
    @clearing_session = false
    return
  end

  init_session_id if @session_id.blank?
  @session_id
end

#init_session_id ⇒ Object



# File 'lib/web_svr/session.rb', line 85

# Generate a new session id and remember it on this object.
#
# The id comes from the CSRF token generator.
# NOTE(review): the unpredictability of the session id depends entirely on
# Gloo::Objs::CsrfToken.generate_csrf_token, which is not shown here; confirm
# that it draws from a cryptographically secure random source.
#
# @return [Object] the newly generated session id
def init_session_id
  @session_id = Gloo::Objs::CsrfToken.generate_csrf_token
end

#iv ⇒ Object

Get the initialization vector for the cipher.



# File 'lib/web_svr/session.rb', line 187

# Initialization vector used for the session cookie cipher.
#
# NOTE(review): the IV is read from the server object on every call. If that
# value is a fixed setting, every cookie is encrypted under the same key/IV
# pair; confirm whether Gloo::Objs::Cipher adds per-message randomness.
#
# @return [Object] whatever the server's +encryption_iv+ returns
def iv
  @server_obj.encryption_iv
end

#key ⇒ Object

Get the key for the encryption cipher.



# File 'lib/web_svr/session.rb', line 180

# Encryption key used for the session cookie cipher.
#
# The key is whatever the server object exposes; how it is generated, stored
# or rotated is not visible from this class.
#
# @return [Object] whatever the server's +encryption_key+ returns
def key
  @server_obj.encryption_key
end

#secure_cookie? ⇒ Boolean

Should the session cookie be secure?

Returns:

  • (Boolean)


# File 'lib/web_svr/session.rb', line 208

# Whether the session cookie should carry the Secure attribute.
#
# The answer comes straight from the server's +session_cookie_secure+
# setting. add_session_for_response adds +secure: true+ only when this is
# truthy, so a falsy or unset setting yields a cookie without the flag.
#
# @return [Boolean] the server's +session_cookie_secure+ value
def secure_cookie?
  @server_obj.session_cookie_secure
end

#session_name ⇒ Object

Get the session cookie name.



# File 'lib/web_svr/session.rb', line 173

# Name of the session cookie, read from the server object.
#
# Used both to look the cookie up on a request and to set it on a response.
#
# @return [Object] whatever the server's +session_name+ returns
def session_name
  @server_obj.session_name
end

#set_session_data_for_request(env) ⇒ Object

Get the session data from the encrypted cookie. Add it to the session container.



# File 'lib/web_svr/session.rb', line 45

# Load session state from the request's encrypted session cookie.
#
# When sessions are enabled and the cookie is present and decodes, the
# session id is stored on this object and every other entry is handed to the
# server object as a session variable. Any StandardError raised along the way
# (cookie parsing, decryption, JSON parsing) is passed to
# @engine.log_exception instead of propagating.
#
# NOTE(review): every key/value pair from the decrypted cookie is trusted and
# copied into the server's session variables, so the integrity of the session
# rests on the cipher; confirm that it authenticates the ciphertext.
# NOTE(review): @session_id is only overwritten when a cookie decodes. If one
# Session instance serves several requests, a request without a valid cookie
# would see the id left by the previous one; confirm the instance lifetime.
#
# @param env [Hash] Rack environment for the current request
# @return [Object, nil] incidental: nil when nothing was loaded, the decoded
#   data after a successful load, or the logger's result after an error
def set_session_data_for_request(env)
  cookies = Rack::Utils.parse_cookies(env)
  return unless @server_obj.use_session?

  raw_cookie = cookies[session_name]
  return unless raw_cookie

  session_data = decode_decrypt(raw_cookie)
  return unless session_data

  @session_id = session_data[SESSION_ID_NAME]

  # The session id lives on this object; everything else goes to the server.
  session_data.each do |name, value|
    next if name == SESSION_ID_NAME

    @server_obj.set_session_var(name, value)
  end
rescue => e
  @engine.log_exception e
end