From 2e22c7fda00f78db79cb2dcc79495c085035240d Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Thu, 18 Dec 2008 12:56:18 -0600 Subject: [PATCH] Conditionally inject session middleware instead of using session management --- .../lib/action_controller/dispatcher.rb | 17 +++++++++-- .../lib/action_controller/middleware_stack.rb | 16 ++++++---- .../session/abstract_store.rb | 14 ++++++++- .../action_controller/session/cookie_store.rb | 20 +++++++++++-- .../action_controller/session_management.rb | 29 ------------------- 5 files changed, 55 insertions(+), 41 deletions(-) diff --git a/actionpack/lib/action_controller/dispatcher.rb b/actionpack/lib/action_controller/dispatcher.rb index aa00eecea7..f0897d98b2 100644 --- a/actionpack/lib/action_controller/dispatcher.rb +++ b/actionpack/lib/action_controller/dispatcher.rb @@ -44,9 +44,22 @@ def to_prepare(identifier = nil, &block) cattr_accessor :middleware self.middleware = MiddlewareStack.new do |middleware| - middleware.use "ActionController::Lock", :if => lambda { !ActionController::Base.allow_concurrency } + middleware.use "ActionController::Lock", :if => lambda { + !ActionController::Base.allow_concurrency + } middleware.use "ActionController::Failsafe" - middleware.use "ActionController::SessionManagement::Middleware" + + ["ActionController::Session::CookieStore", + "ActionController::Session::MemCacheStore", + "ActiveRecord::SessionStore"].each do |store| + middleware.use(store, ActionController::Base.session_options, + :if => lambda { + if session_store = ActionController::Base.session_store + session_store.name == store + end + } + ) + end end include ActiveSupport::Callbacks diff --git a/actionpack/lib/action_controller/middleware_stack.rb b/actionpack/lib/action_controller/middleware_stack.rb index ba99f77b81..74f28565c0 100644 --- a/actionpack/lib/action_controller/middleware_stack.rb +++ b/actionpack/lib/action_controller/middleware_stack.rb @@ -1,14 +1,10 @@ module ActionController class MiddlewareStack < Array class Middleware - attr_reader :klass, :args, :block + attr_reader :args, :block def initialize(klass, *args, &block) - if klass.is_a?(Class) - @klass = klass - else - @klass = klass.to_s.constantize - end + @klass = klass options = args.extract_options! if options.has_key?(:if) @@ -22,6 +18,14 @@ def initialize(klass, *args, &block) @block = block end + def klass + if @klass.is_a?(Class) + @klass + else + @klass.to_s.constantize + end + end + def active? if @conditional.respond_to?(:call) @conditional.call diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb index 7874ee5a28..2218152c2c 100644 --- a/actionpack/lib/action_controller/session/abstract_store.rb +++ b/actionpack/lib/action_controller/session/abstract_store.rb @@ -60,7 +60,7 @@ def load! end DEFAULT_OPTIONS = { - :key => 'rack.session', + :key => '_session_id', :path => '/', :domain => nil, :expire_after => nil, @@ -70,6 +70,18 @@ def load! } def initialize(app, options = {}) + # Process legacy CGI options + options = options.symbolize_keys + if options.has_key?(:session_path) + options[:path] = options.delete(:session_path) + end + if options.has_key?(:session_key) + options[:key] = options.delete(:session_key) + end + if options.has_key?(:session_http_only) + options[:httponly] = options.delete(:session_http_only) + end + @app = app @default_options = DEFAULT_OPTIONS.merge(options) @key = @default_options[:key] diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index ce3cf354fd..158c940cc2 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -41,9 +41,11 @@ class CookieStore SECRET_MIN_LENGTH = 30 # characters DEFAULT_OPTIONS = { - :domain => nil, - :path => "/", - :expire_after => nil + :key => '_session_id', + :domain => nil, + :path => "/", + :expire_after => nil, + :httponly => false }.freeze ENV_SESSION_KEY = "rack.session".freeze @@ -56,6 +58,18 @@ class CookieOverflow < StandardError; end def initialize(app, options = {}) options = options.dup + # Process legacy CGI options + options = options.symbolize_keys + if options.has_key?(:session_path) + options[:path] = options.delete(:session_path) + end + if options.has_key?(:session_key) + options[:key] = options.delete(:session_key) + end + if options.has_key?(:session_http_only) + options[:httponly] = options.delete(:session_http_only) + end + @app = app # The session_key option is required. diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb index a9989d8198..f06a0da75c 100644 --- a/actionpack/lib/action_controller/session_management.rb +++ b/actionpack/lib/action_controller/session_management.rb @@ -6,35 +6,6 @@ def self.included(base) end end - class Middleware - DEFAULT_OPTIONS = { - :path => "/", - :key => "_session_id", - :httponly => true, - }.freeze - - def self.new(app) - cgi_options = ActionController::Base.session_options - options = cgi_options.symbolize_keys - options = DEFAULT_OPTIONS.merge(options) - if options.has_key?(:session_path) - options[:path] = options.delete(:session_path) - end - if options.has_key?(:session_key) - options[:key] = options.delete(:session_key) - end - if options.has_key?(:session_http_only) - options[:httponly] = options.delete(:session_http_only) - end - - if store = ActionController::Base.session_store - store.new(app, options) - else # Sessions disabled - lambda { |env| app.call(env) } - end - end - end - module ClassMethods # Set the session store to be used for keeping the session data between requests. # By default, sessions are stored in browser cookies (:cookie_store), -- GitLab