Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
张重言
rails
提交
2ae8d307
R
rails
项目概览
张重言
/
rails
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
R
rails
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
2ae8d307
编写于
1月 28, 2009
作者:
P
Pratik Naik
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Session cookie header should always be set if :expire_after option is specified
上级
9714a9b0
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
40 addition
and
8 deletion
+40
-8
actionpack/lib/action_controller/session/abstract_store.rb
actionpack/lib/action_controller/session/abstract_store.rb
+4
-2
actionpack/lib/action_controller/session/cookie_store.rb
actionpack/lib/action_controller/session/cookie_store.rb
+4
-2
actionpack/test/controller/session/cookie_store_test.rb
actionpack/test/controller/session/cookie_store_test.rb
+32
-4
未找到文件。
actionpack/lib/action_controller/session/abstract_store.rb
浏览文件 @
2ae8d307
...
...
@@ -102,8 +102,10 @@ def call(env)
response
=
@app
.
call
(
env
)
session_data
=
env
[
ENV_SESSION_KEY
]
if
!
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
||
session_data
.
send
(
:loaded?
)
options
=
env
[
ENV_SESSION_OPTIONS_KEY
]
options
=
env
[
ENV_SESSION_OPTIONS_KEY
]
if
!
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
||
session_data
.
send
(
:loaded?
)
||
options
[
:expire_after
]
session_data
.
send
(
:load!
)
if
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
&&
!
session_data
.
send
(
:loaded?
)
if
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
sid
=
session_data
.
id
...
...
actionpack/lib/action_controller/session/cookie_store.rb
浏览文件 @
2ae8d307
...
...
@@ -93,12 +93,14 @@ def call(env)
status
,
headers
,
body
=
@app
.
call
(
env
)
session_data
=
env
[
ENV_SESSION_KEY
]
if
!
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
||
session_data
.
send
(
:loaded?
)
options
=
env
[
ENV_SESSION_OPTIONS_KEY
]
if
!
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
||
session_data
.
send
(
:loaded?
)
||
options
[
:expire_after
]
session_data
.
send
(
:load!
)
if
session_data
.
is_a?
(
AbstractStore
::
SessionHash
)
&&
!
session_data
.
send
(
:loaded?
)
session_data
=
marshal
(
session_data
.
to_hash
)
raise
CookieOverflow
if
session_data
.
size
>
MAX
options
=
env
[
ENV_SESSION_OPTIONS_KEY
]
cookie
=
Hash
.
new
cookie
[
:value
]
=
session_data
unless
options
[
:expire_after
].
nil?
...
...
actionpack/test/controller/session/cookie_store_test.rb
浏览文件 @
2ae8d307
...
...
@@ -6,13 +6,11 @@ class CookieStoreTest < ActionController::IntegrationTest
SessionSecret
=
'b3c631c314c0bbca50c1b2843150fe33'
DispatcherApp
=
ActionController
::
Dispatcher
.
new
CookieStoreApp
=
ActionController
::
Session
::
CookieStore
.
new
(
DispatcherApp
,
:key
=>
SessionKey
,
:secret
=>
SessionSecret
)
CookieStoreApp
=
ActionController
::
Session
::
CookieStore
.
new
(
DispatcherApp
,
:key
=>
SessionKey
,
:secret
=>
SessionSecret
)
Verifier
=
ActiveSupport
::
MessageVerifier
.
new
(
SessionSecret
,
'SHA1'
)
SignedBar
=
"BAh7BjoIZm9vIghiYXI%3D--"
+
"fef868465920f415f2c0652d6910d3af288a0367"
SignedBar
=
"BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367"
class
TestController
<
ActionController
::
Base
def
no_session_access
...
...
@@ -177,6 +175,36 @@ def test_persistent_session_id
end
end
def
test_session_store_with_expire_after
app
=
ActionController
::
Session
::
CookieStore
.
new
(
DispatcherApp
,
:key
=>
SessionKey
,
:secret
=>
SessionSecret
,
:expire_after
=>
5
.
hours
)
@integration_session
=
open_session
(
app
)
with_test_route_set
do
# First request accesses the session
time
=
Time
.
local
(
2008
,
4
,
24
)
Time
.
stubs
(
:now
).
returns
(
time
)
expected_expiry
=
(
time
+
5
.
hours
).
gmtime
.
strftime
(
"%a, %d-%b-%Y %H:%M:%S GMT"
)
cookies
[
SessionKey
]
=
SignedBar
get
'/set_session_value'
assert_response
:success
cookie_body
=
response
.
body
assert_equal
[
"_myapp_session=
#{
cookie_body
}
; path=/; expires=
#{
expected_expiry
}
; httponly"
],
headers
[
'Set-Cookie'
]
# Second request does not access the session
time
=
Time
.
local
(
2008
,
4
,
25
)
Time
.
stubs
(
:now
).
returns
(
time
)
expected_expiry
=
(
time
+
5
.
hours
).
gmtime
.
strftime
(
"%a, %d-%b-%Y %H:%M:%S GMT"
)
get
'/no_session_access'
assert_response
:success
assert_equal
[
"_myapp_session=
#{
cookie_body
}
; path=/; expires=
#{
expected_expiry
}
; httponly"
],
headers
[
'Set-Cookie'
]
end
end
private
def
with_test_route_set
with_routing
do
|
set
|
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录