Method: CGI::Session#initialize

Defined in:
lib/cgi/session.rb

#initialize(request, option = {}) ⇒ Session

Create a new CGI::Session object for request.

request is an instance of the CGI class (see cgi.rb). option is a hash of options for initialising this CGI::Session instance. The following options are recognised:

session_key

the parameter name used for the session id. Defaults to ‘_session_id’.

session_id

the session id to use. If not provided, then it is retrieved from the session_key parameter of the request, or automatically generated for a new session.

new_session

if true, force creation of a new session. If not set, a new session is only created if none currently exists. If false, a new session is never created, and if none currently exists and the session_id option is not set, an ArgumentError is raised.

database_manager

the name of the class providing storage facilities for session state persistence. Built-in support is provided for FileStore (the default), MemoryStore, and PStore (from cgi/session/pstore.rb). See the documentation for these classes for more details.

The following options are also recognised, but only apply if the session id is stored in a cookie.

session_expires

the time the current session expires, as a Time object. If not set, the session will terminate when the user’s browser is closed.

session_domain

the hostname domain for which this session is valid. If not set, defaults to the hostname of the server.

session_secure

if true, this session will only work over HTTPS.

session_path

the path for which this session applies. Defaults to the directory of the CGI script.

option is also passed on to the session storage class initialiser; see the documentation for each session storage class for the options they support.

The retrieved or created session is automatically added to request as a cookie, and also to its output_hidden table, which is used to add hidden input elements to forms.

WARNING: the output_hidden fields are surrounded by a <fieldset> tag in HTML 4 generation, which is not invisible on many browsers; you may wish to disable the use of fieldsets with code similar to the following (see blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/37805):

cgi = CGI.new("html4")
class << cgi
    undef_method :fieldset
end


# File 'lib/cgi/session.rb', line 246

def initialize(request, option={})
  @new_session = false
  session_key = option['session_key'] || '_session_id'
  session_id = option['session_id']
  unless session_id
    if option['new_session']
      session_id = create_new_id
    end
  end
  unless session_id
    if request.key?(session_key)
      session_id = request[session_key]
      session_id = session_id.read if session_id.respond_to?(:read)
    end
    unless session_id
      session_id, = request.cookies[session_key]
    end
    unless session_id
      unless option.fetch('new_session', true)
        raise ArgumentError, "session_key `%s' should be supplied"%session_key
      end
      session_id = create_new_id
    end
  end
  @session_id = session_id
  dbman = option['database_manager'] || FileStore
  begin
    @dbman = dbman::new(self, option)
  rescue NoSession
    unless option.fetch('new_session', true)
      raise ArgumentError, "invalid session_id `%s'"%session_id
    end
    session_id = @session_id = create_new_id
    retry
  end
  request.instance_eval do
    @output_hidden = {session_key => session_id} unless option['no_hidden']
    @output_cookies = [
      Cookie::new("name" => session_key,
                  "value" => session_id,
                  "expires" => option['session_expires'],
                  "domain" => option['session_domain'],
                  "secure" => option['session_secure'],
                  "path" => if option['session_path'] then
                              option['session_path']
                            elsif ENV["SCRIPT_NAME"] then
                              File::dirname(ENV["SCRIPT_NAME"])
                            else
                              ""
                            end)
    ] unless option['no_cookies']
  end
  @dbprot = [@dbman]
  ObjectSpace::define_finalizer(self, Session::callback(@dbprot))
end