Commit 224a5344
Authored Mar 09, 2009 by Joshua Peek
reset_session should force a new session id to be generated [#2173]
Parent 4458edc8
Showing 3 changed files with 50 additions and 16 deletions (+50 -16)
actionpack/lib/action_controller/request.rb +1 -0
actionpack/test/activerecord/active_record_store_test.rb +25 -0
actionpack/test/controller/session/mem_cache_store_test.rb +24 -16
actionpack/lib/action_controller/request.rb
...
...
@@ -442,6 +442,7 @@ def session=(session) #:nodoc:
end
def
reset_session
@env
[
'rack.session.options'
].
delete
(
:id
)
@env
[
'rack.session'
]
=
{}
end
...
...
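Review bot: In `reset_session`, the added `@env['rack.session.options'].delete(:id)` calls `delete` on whatever the env lookup returns, with no guard for the key being absent; if a request reaches this method without `rack.session.options` set, it raises NoMethodError on nil instead of resetting the session. Consider guarding the lookup (for example `if options = @env['rack.session.options']`) and adding a one-line comment that removing `:id` is what forces a new session id, since the method itself carries no documentation.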
actionpack/test/activerecord/active_record_store_test.rb
...
...
@@ -21,8 +21,15 @@ def get_session_value
render
:text
=>
"foo:
#{
session
[
:foo
].
inspect
}
"
end
def
get_session_id
session
[
:foo
]
render
:text
=>
"
#{
request
.
session_options
[
:id
]
}
"
end
def
call_reset_session
session
[
:bar
]
reset_session
session
[
:bar
]
=
"baz"
head
:ok
end
...
...
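Review bot: In `get_session_id`, the bare `session[:foo]` statement discards its result, so it reads as dead code that a later cleanup could delete. If its purpose is to load the session so that `request.session_options[:id]` is populated before rendering, say so in a comment; the same applies to the `session[:bar]` read ahead of `reset_session` in `call_reset_session`.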
@@ -71,6 +78,7 @@ def test_setting_session_value_after_session_reset
get
'/set_session_value'
assert_response
:success
assert
cookies
[
'_session_id'
]
session_id
=
cookies
[
'_session_id'
]
get
'/call_reset_session'
assert_response
:success
...
...
@@ -79,6 +87,23 @@ def test_setting_session_value_after_session_reset
get
'/get_session_value'
assert_response
:success
assert_equal
'foo: nil'
,
response
.
body
get
'/get_session_id'
assert_response
:success
assert_not_equal
session_id
,
response
.
body
end
end
def
test_getting_session_id
with_test_route_set
do
get
'/set_session_value'
assert_response
:success
assert
cookies
[
'_session_id'
]
session_id
=
cookies
[
'_session_id'
]
get
'/get_session_id'
assert_response
:success
assert_equal
session_id
,
response
.
body
end
end
...
...
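Review bot: `assert_not_equal session_id, response.body` after `get '/get_session_id'` also passes when the body is empty or holds anything other than an id, so on its own it does not show that a new id was generated after the reset. Add a positive assertion next to it, for example that `response.body` is non-blank and equals the current `cookies['_session_id']`, which is the comparison `test_getting_session_id` already makes.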
actionpack/test/controller/session/mem_cache_store_test.rb
...
...
@@ -17,11 +17,14 @@ def get_session_value
end
def
get_session_id
render
:text
=>
"foo:
#{
session
[
:foo
].
inspect
}
; id:
#{
request
.
session_options
[
:id
]
}
"
session
[
:foo
]
render
:text
=>
"
#{
request
.
session_options
[
:id
]
}
"
end
def
call_reset_session
session
[
:bar
]
reset_session
session
[
:bar
]
=
"baz"
head
:ok
end
...
...
@@ -58,47 +61,52 @@ def test_getting_nil_session_value
end
end
def
test_
getting_session_id
def
test_
setting_session_value_after_session_reset
with_test_route_set
do
get
'/set_session_value'
assert_response
:success
assert
cookies
[
'_session_id'
]
session_id
=
cookies
[
'_session_id'
]
get
'/
get_session_id
'
get
'/
call_reset_session
'
assert_response
:success
assert_equal
"foo:
\"
bar
\"
; id:
#{
session_id
}
"
,
response
.
body
end
end
assert_not_equal
[],
headers
[
'Set-Cookie'
]
def
test_prevents_session_fixation
with_test_route_set
do
get
'/get_session_value'
assert_response
:success
assert_equal
'foo: nil'
,
response
.
body
session_id
=
cookies
[
'_session_id'
]
reset!
get
'/
set_session_value'
,
:_session_id
=>
session_id
get
'/
get_session_id'
assert_response
:success
assert_
equal
nil
,
cookies
[
'_session_id'
]
assert_
not_equal
session_id
,
response
.
body
end
end
def
test_
setting_session_value_after_session_reset
def
test_
getting_session_id
with_test_route_set
do
get
'/set_session_value'
assert_response
:success
assert
cookies
[
'_session_id'
]
session_id
=
cookies
[
'_session_id'
]
get
'/
call_reset_session
'
get
'/
get_session_id
'
assert_response
:success
assert_not_equal
[],
headers
[
'Set-Cookie'
]
assert_equal
session_id
,
response
.
body
end
end
def
test_prevents_session_fixation
with_test_route_set
do
get
'/get_session_value'
assert_response
:success
assert_equal
'foo: nil'
,
response
.
body
session_id
=
cookies
[
'_session_id'
]
reset!
get
'/set_session_value'
,
:_session_id
=>
session_id
assert_response
:success
assert_equal
nil
,
cookies
[
'_session_id'
]
end
end
rescue
LoadError
,
RuntimeError
...
...
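Review bot: The reordering of `test_getting_session_id` and `test_setting_session_value_after_session_reset` in this hunk buries the actual change, because moved lines and changed assertions end up interleaved across the whole 47-line range. Keep the existing test order so that the diff shows only the added session-id assertions, and put any reordering in a separate commit.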