Conditionally inject session middleware instead of using session management

2e22c7fd · Joshua Peek · 2eb2ec9e · 2e22c7fd · 2e22c7fd · 2e22c7fd
5 changed file
--- a/actionpack/lib/action_controller/dispatcher.rb
+++ b/actionpack/lib/action_controller/dispatcher.rb
@@ -44,9 +44,22 @@ def to_prepare(identifier = nil, &block)

    cattr_accessor :middleware
    self.middleware = MiddlewareStack.new do |middleware|
-      middleware.use "ActionController::Lock", :if => lambda { !ActionController::Base.allow_concurrency }
+      middleware.use "ActionController::Lock", :if => lambda {
+        !ActionController::Base.allow_concurrency
+      }
      middleware.use "ActionController::Failsafe"
-      middleware.use "ActionController::SessionManagement::Middleware"
+
+      ["ActionController::Session::CookieStore",
+       "ActionController::Session::MemCacheStore",
+       "ActiveRecord::SessionStore"].each do |store|
+          middleware.use(store, ActionController::Base.session_options,
+            :if => lambda {
+              if session_store = ActionController::Base.session_store
+                session_store.name == store
+              end
+            }
+          )
+      end
    end

    include ActiveSupport::Callbacks

--- a/actionpack/lib/action_controller/middleware_stack.rb
+++ b/actionpack/lib/action_controller/middleware_stack.rb
 module ActionController
  class MiddlewareStack < Array
    class Middleware
-      attr_reader :klass, :args, :block
+      attr_reader :args, :block

      def initialize(klass, *args, &block)
-        if klass.is_a?(Class)
        @klass = klass
-        else
-          @klass = klass.to_s.constantize
-        end

        options = args.extract_options!
        if options.has_key?(:if)
@@ -22,6 +18,14 @@ def initialize(klass, *args, &block)
        @block = block
      end

+      def klass
+        if @klass.is_a?(Class)
+          @klass
+        else
+          @klass.to_s.constantize
+        end
+      end
+
      def active?
        if @conditional.respond_to?(:call)
          @conditional.call

--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -60,7 +60,7 @@ def load!
      end

      DEFAULT_OPTIONS = {
-        :key =>           'rack.session',
+        :key =>           '_session_id',
        :path =>          '/',
        :domain =>        nil,
        :expire_after =>  nil,
@@ -70,6 +70,18 @@ def load!
      }

      def initialize(app, options = {})
+        # Process legacy CGI options
+        options = options.symbolize_keys
+        if options.has_key?(:session_path)
+          options[:path] = options.delete(:session_path)
+        end
+        if options.has_key?(:session_key)
+          options[:key] = options.delete(:session_key)
+        end
+        if options.has_key?(:session_http_only)
+          options[:httponly] = options.delete(:session_http_only)
+        end
+
        @app = app
        @default_options = DEFAULT_OPTIONS.merge(options)
        @key = @default_options[:key]

--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -41,9 +41,11 @@ class CookieStore
      SECRET_MIN_LENGTH = 30 # characters

      DEFAULT_OPTIONS = {
+        :key          => '_session_id',
        :domain       => nil,
        :path         => "/",
-        :expire_after => nil
+        :expire_after => nil,
+        :httponly     => false
      }.freeze

      ENV_SESSION_KEY = "rack.session".freeze
@@ -56,6 +58,18 @@ class CookieOverflow < StandardError; end
      def initialize(app, options = {})
        options = options.dup

+        # Process legacy CGI options
+        options = options.symbolize_keys
+        if options.has_key?(:session_path)
+          options[:path] = options.delete(:session_path)
+        end
+        if options.has_key?(:session_key)
+          options[:key] = options.delete(:session_key)
+        end
+        if options.has_key?(:session_http_only)
+          options[:httponly] = options.delete(:session_http_only)
+        end
+
        @app = app

        # The session_key option is required.

--- a/actionpack/lib/action_controller/session_management.rb
+++ b/actionpack/lib/action_controller/session_management.rb
@@ -6,35 +6,6 @@ def self.included(base)
      end
    end

-    class Middleware
-      DEFAULT_OPTIONS = {
-        :path     => "/",
-        :key      => "_session_id",
-        :httponly => true,
-      }.freeze
-
-      def self.new(app)
-        cgi_options = ActionController::Base.session_options
-        options = cgi_options.symbolize_keys
-        options = DEFAULT_OPTIONS.merge(options)
-        if options.has_key?(:session_path)
-          options[:path] = options.delete(:session_path)
-        end
-        if options.has_key?(:session_key)
-          options[:key] = options.delete(:session_key)
-        end
-        if options.has_key?(:session_http_only)
-          options[:httponly] = options.delete(:session_http_only)
-        end
-
-        if store = ActionController::Base.session_store
-          store.new(app, options)
-        else # Sessions disabled
-          lambda { |env| app.call(env) }
-        end
-      end
-    end
-
    module ClassMethods
      # Set the session store to be used for keeping the session data between requests.
      # By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),