If session_options[:id] is requested when using CookieStore, unmarshal the...

If session_options[:id] is requested when using CookieStore, unmarshal the session to access it [#2268 state:resolved] Signed-off-by: N Joshua Peek <josh@joshpeek.com>

If session_options[:id] is requested when using CookieStore, unmarshal the...
If session_options[:id] is requested when using CookieStore, unmarshal the session to access it [#2268 state:resolved] Signed-off-by: N Joshua Peek <josh@joshpeek.com>
e0f1a7dc · Jay Pignata · Joshua Peek · f416f9f0 · e0f1a7dc · e0f1a7dc
2 changed file
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -37,7 +37,7 @@ module Session
    # "rake secret" and set the key in config/environment.rb.
    #
    # Note that changing digest or secret invalidates all existing sessions!
-    class CookieStore
+    class CookieStore < Hash
      # Cookies can typically store 4096 bytes.
      MAX = 4096
      SECRET_MIN_LENGTH = 30 # characters
@@ -50,6 +50,17 @@ class CookieStore
        :httponly     => true
      }.freeze
+      class OptionsHash < Hash
+        def initialize(by, env, default_options)
+          @session_data = env[CookieStore::ENV_SESSION_KEY]
+          default_options.each { |key, value| self[key] = value }
+        end
+        def [](key)
+          key == :id ? @session_data[:session_id] : super(key)
+        end
+      end
      ENV_SESSION_KEY = "rack.session".freeze
      ENV_SESSION_OPTIONS_KEY = "rack.session.options".freeze
      HTTP_SET_COOKIE = "Set-Cookie".freeze
@@ -90,7 +101,7 @@ def initialize(app, options = {})
      def call(env)
        env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
-        env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
+        env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
        status, headers, body = @app.call(env)

--- a/actionpack/test/dispatch/session/cookie_store_test.rb
+++ b/actionpack/test/dispatch/session/cookie_store_test.rb
@@ -30,7 +30,7 @@ def get_session_value
    end
    def get_session_id
-      render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+      render :text => "id: #{request.session_options[:id]}"
    end
    def call_reset_session
@@ -119,7 +119,7 @@ def test_getting_session_id
      get '/get_session_id'
      assert_response :success
-      assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+      assert_equal "id: #{session_id}", response.body
    end
  end