提交 43c09383 编写于 作者: J Joshua Peek

Ensure session id is set in session options hash [#1880 state:resolved]

上级 78c6f48b
......@@ -17,16 +17,11 @@ def initialize(by, env)
@loaded = false
end
def id
load! unless @loaded
@id
end
def session_id
ActiveSupport::Deprecation.warn(
"ActionController::Session::AbstractStore::SessionHash#session_id" +
"has been deprecated.Please use #id instead.", caller)
id
"ActionController::Session::AbstractStore::SessionHash#session_id " +
"has been deprecated. Please use request.session_options[:id] instead.", caller)
@env[ENV_SESSION_OPTIONS_KEY][:id]
end
def [](key)
......@@ -47,8 +42,8 @@ def to_hash
def data
ActiveSupport::Deprecation.warn(
"ActionController::Session::AbstractStore::SessionHash#data" +
"has been deprecated.Please use #to_hash instead.", caller)
"ActionController::Session::AbstractStore::SessionHash#data " +
"has been deprecated. Please use #to_hash instead.", caller)
to_hash
end
......@@ -59,7 +54,8 @@ def loaded?
def load!
stale_session_check! do
@id, session = @by.send(:load_session, @env)
id, session = @by.send(:load_session, @env)
(@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id
replace(session)
@loaded = true
end
......@@ -126,11 +122,7 @@ def call(env)
if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
if session_data.is_a?(AbstractStore::SessionHash)
sid = session_data.id
else
sid = generate_sid
end
sid = options[:id] || generate_sid
unless set_session(env, sid, session_data.to_hash)
return response
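Review bot: The deprecated `session_id` now reads `@env[ENV_SESSION_OPTIONS_KEY][:id]` directly, but as rendered here the removed `id` method was the one that ran `load! unless @loaded`, so on a session that has not been touched yet `session_id` appears to return nil rather than the stored id. Because `:id` is only written inside `load!`, adding `load! unless @loaded` as the first line of `session_id` would keep the old contract for callers that have not migrated; the same laziness affects `request.session_options[:id]` and deserves a sentence in the deprecation text. `load!` also writes into the env options hash, which is only safe when that hash is per-request; the `.dup` added in the other store's `call` covers that store, and whether this file's `call` does the same lies outside the visible hunks.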
......
......@@ -88,7 +88,7 @@ def initialize(app, options = {})
def call(env)
env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
env[ENV_SESSION_OPTIONS_KEY] = @default_options
env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
status, headers, body = @app.call(env)
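Review bot: The `.dup` on `@default_options` in `call` is what keeps the per-request `:id` out of the shared defaults, and nothing on the line says so, so a later cleanup could drop it and let one request's session id become visible to the next. A comment such as `# dup: SessionHash#load! writes this request's :id into the hash; never share it across requests` would record the reason. `dup` is shallow, so any nested mutable value in the defaults would still be shared; that looks fine for a top-level `:id` but is worth confirming against the option keys set in `initialize`. The body of `call` continues outside the hunk.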
......
......@@ -30,6 +30,10 @@ def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
def get_session_id
render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
end
def call_reset_session
reset_session
head :ok
......@@ -106,6 +110,20 @@ def test_getting_session_value
end
end
def test_getting_session_id
with_test_route_set do
cookies[SessionKey] = SignedBar
get '/persistent_session_id'
assert_response :success
assert_equal response.body.size, 32
session_id = response.body
get '/get_session_id'
assert_response :success
assert_equal "foo: \"bar\"; id: #{session_id}", response.body
end
end
def test_disregards_tampered_sessions
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
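Review bot: `test_getting_session_id` follows a single client only, so it would likely still pass if the session options hash were shared between requests again, which is the case the `.dup` in `call` guards against. A companion test that clears the cookies after the first request, issues `get '/get_session_id'` again and asserts the body does not contain the earlier id would pin that isolation. Separately, `assert_equal response.body.size, 32` has expected and actual swapped; `assert_equal 32, response.body.size` gives a correct failure message. The `test_getting_session_id` added in the last test file has the same single-client shape, and the `/persistent_session_id` action this test calls is not visible in the hunk.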
......
......@@ -16,6 +16,10 @@ def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
def get_session_id
render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
end
def call_reset_session
reset_session
head :ok
......@@ -50,7 +54,20 @@ def test_getting_nil_session_value
with_test_route_set do
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
assert_equal 'foo: nil', response.body
end
end
def test_getting_session_id
with_test_route_set do
get '/set_session_value'
assert_response :success
assert cookies['_session_id']
session_id = cookies['_session_id']
get '/get_session_id'
assert_response :success
assert_equal "foo: \"bar\"; id: #{session_id}", response.body
end
end
......