class ActionDispatch::Session::CookieStore

Note that changing digest or secret invalidates all existing sessions!
“rake secret” and set the key in config/initializers/secret_token.rb.
To generate a secret key for an existing application, run
such as ‘MD5’, ‘RIPEMD160’, ‘SHA256’, etc.
integrity defaults to ‘SHA1’ but may be any digest provided by OpenSSL,
* :digest: The message digest algorithm used to verify session
:secret => Proc.new { User.current_user.secret_key }
:secret => ‘449fe2e7daee471bffae2fd8dc02313d’
characters. Examples:
a secret consisting of random numbers and letters and more than 30
is not vulnerable to a dictionary attack. Therefore, you should choose
CGI::Session instance as an argument. It’s important that the secret
string called per generated digest. The block is called with the
* :secret: An application-wide key string or block returning a
Session options:
in config/environment.rb. Set your own for old apps you’re upgrading.
included in the hash. New apps are generated with a pregenerated secret
a user cannot alter his user_id without knowing the secret key
A message digest is included with the cookie to ensure data integrity:
CookieOverflow is raised if you attempt to store more than 4K of data.
visible to the user, pick another session store.
If you have more than 4K of session data or don’t want your data to be
alternatives.
size limit. Cookie-based sessions are dramatically faster than the
contain at most a user_id and flash message; both fit within the 4K cookie
This cookie-based session store is the Rails default. Sessions typically

def destroy(env)

def destroy(env)
  # session data is stored on client; nothing to do here
end

def extract_session_id(env)

def extract_session_id(env)
  if data = unpacked_cookie_data(env)
    data["session_id"]
  else
    nil
  end
end

def initialize(app, options = {})

def initialize(app, options = {})
  super(app, options.merge!(:cookie_only => true))
  freeze
end

def load_session(env)

def load_session(env)
  data = unpacked_cookie_data(env)
  data = persistent_session_id!(data)
  [data["session_id"], data]
end

def persistent_session_id!(data, sid=nil)

def persistent_session_id!(data, sid=nil)
  data ||= {}
  data["session_id"] ||= sid || generate_sid
  data
end

def set_cookie(request, options)

def set_cookie(request, options)
  request.cookie_jar.signed[@key] = options
end

def set_session(env, sid, session_data)

def set_session(env, sid, session_data)
  persistent_session_id!(session_data, sid)
end

def unpacked_cookie_data(env)

def unpacked_cookie_data(env)
  env["action_dispatch.request.unsigned_session_cookie"] ||= begin
    stale_session_check! do
      request = ActionDispatch::Request.new(env)
      if data = request.cookie_jar.signed[@key]
        data.stringify_keys!
      end
      data || {}
    end
  end
end

Namespace

ActionDispatch::Session

Parent class

ActionDispatch::Session::AbstractStore

Instance Methods

Defined in

lib/action_dispatch/middleware/session/cookie_store.rb

Modules

Classes