Class: Rack::Session::Abstract::Persisted

Inherits:

Object

• Object
• Rack::Session::Abstract::Persisted

Defined in:

lib/rack/session/abstract/id.rb

Overview

ID sets up a basic framework for implementing an id based sessioning service. Cookies sent to the client for maintaining sessions will only contain an id reference. Only #find_session, #write_session and #delete_session are required to be overwritten.

All parameters are optional.

• :key determines the name of the cookie, by default it is ‘rack.session’

• :path, :domain, :expire_after, :secure, :httponly, and :same_site set the related cookie options as by Rack::Response#set_cookie

• :skip will not a set a cookie in the response nor update the session state

• :defer will not set a cookie in the response but still update the session state if it is used with a backend

• :renew (implementation dependent) will prompt the generation of a new session id, and migration of data to be referenced at the new id. If :defer is set, it will be overridden and the cookie will be set.

• :sidbits sets the number of bits in length that a generated session id will be.

These options can be set on a per request basis, at the location of env['rack.session.options']. Additionally the id of the session can be found within the options hash at the key :id. It is highly not recommended to change its value.

Is Rack::Utils::Context compatible.

Not included by default; you must require ‘rack/session/abstract/id’ to use.

Direct Known Subclasses

ID, PersistedSecure

Constant Summary

DEFAULT_OPTIONS =

{
  key: RACK_SESSION,
  path: '/',
  domain: nil,
  expire_after: nil,
  secure: false,
  httponly: true,
  defer: false,
  renew: false,
  sidbits: 128,
  cookie_only: true,
  secure_random: ::SecureRandom
}.freeze

Instance Attribute Summary

• #default_options ⇒ Object readonly

  Returns the value of attribute default_options.

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #same_site ⇒ Object readonly

  Returns the value of attribute same_site.

• #sid_secure ⇒ Object readonly

  Returns the value of attribute sid_secure.

Instance Method Summary

• #call(env) ⇒ Object
• #commit_session(req, res) ⇒ Object

  Acquires the session from the environment and the session id from the session options and passes them to #write_session.

• #context(env, app = @app) ⇒ Object
• #initialize(app, options = {}) ⇒ Persisted constructor

  A new instance of Persisted.

Constructor Details

#initialize(app, options = {}) ⇒ Persisted

Returns a new instance of Persisted.

# File 'lib/rack/session/abstract/id.rb', line 256

def initialize(app, options = {})
  @app = app
  @default_options = self.class::DEFAULT_OPTIONS.merge(options)
  @key = @default_options.delete(:key)
  @cookie_only = @default_options.delete(:cookie_only)
  @same_site = @default_options.delete(:same_site)
  initialize_sid
end

Instance Attribute Details

#default_options ⇒ Object (readonly)

Returns the value of attribute default_options.

# File 'lib/rack/session/abstract/id.rb', line 254

def default_options
  @default_options
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/rack/session/abstract/id.rb', line 254

def key
  @key
end

#same_site ⇒ Object (readonly)

Returns the value of attribute same_site.

# File 'lib/rack/session/abstract/id.rb', line 254

def same_site
  @same_site
end

#sid_secure ⇒ Object (readonly)

Returns the value of attribute sid_secure.

# File 'lib/rack/session/abstract/id.rb', line 254

def sid_secure
  @sid_secure
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/rack/session/abstract/id.rb', line 265

def call(env)
  context(env)
end

#commit_session(req, res) ⇒ Object

Acquires the session from the environment and the session id from the session options and passes them to #write_session. If successful and the :defer option is not true, a cookie will be added to the response with the session’s id.

# File 'lib/rack/session/abstract/id.rb', line 379

def commit_session(req, res)
  session = req.get_header RACK_SESSION
  options = session.options

  if options[:drop] || options[:renew]
    session_id = delete_session(req, session.id || generate_sid, options)
    return unless session_id
  end

  return unless commit_session?(req, session, options)

  session.send(:load!) unless loaded_session?(session)
  session_id ||= session.id
  session_data = session.to_hash.delete_if { |k, v| v.nil? }

  if not data = write_session(req, session_id, session_data, options)
    req.get_header(RACK_ERRORS).puts("Warning! #{self.class.name} failed to save session. Content dropped.")
  elsif options[:defer] and not options[:renew]
    req.get_header(RACK_ERRORS).puts("Deferring cookie for #{session_id}") if $VERBOSE
  else
    cookie = Hash.new
    cookie[:value] = cookie_value(data)
    cookie[:expires] = Time.now + options[:expire_after] if options[:expire_after]
    cookie[:expires] = Time.now + options[:max_age] if options[:max_age]

    if @same_site.respond_to? :call
      cookie[:same_site] = @same_site.call(req, res)
    else
      cookie[:same_site] = @same_site
    end
    set_cookie(req, res, cookie.merge!(options))
  end
end

#context(env, app = @app) ⇒ Object

# File 'lib/rack/session/abstract/id.rb', line 269

def context(env, app = @app)
  req = make_request env
  prepare_session(req)
  status, headers, body = app.call(req.env)
  res = Rack::Response::Raw.new status, headers
  commit_session(req, res)
  [status, headers, body]
end