class CGI::Session

def initialize(request, option={})


end
undef_method :fieldset
class << cgi
cgi = CGI.new("html4")

(see https://blade.ruby-lang.org/ruby-list/37805)
use of fieldsets with code similar to the following
is _not_ invisible on many browsers; you may wish to disable the
fields are surrounded by a
tag in HTML 4 generation, which
*WARNING* the +output_hidden+

to add hidden input elements to forms.
as a cookie, and also to its +output_hidden+ table, which is used
The retrieved or created session is automatically added to +request+

they support.
the documentation for each session storage class for the options
+option+ is also passed on to the session storage class initializer; see

to the directory of the CGI script.
session_path:: the path for which this session applies. Defaults
session_secure:: if +true+, this session will only work over HTTPS.
If not set, defaults to the hostname of the server.
session_domain:: the hostname domain for which this session is valid.
when the user's browser is closed.
+Time+ object. If not set, the session will terminate
session_expires:: the time the current session expires, as a

session id is stored in a cookie.
The following options are also recognised, but only apply if the

these classes for more details.
cgi/session/pstore.rb). See the documentation for
+MemoryStore+, and +PStore+ (from
is provided for +FileStore+ (the default),
for session state persistence. Built-in support
database_manager:: the name of the class providing storage facilities
option is not set, an ArgumentError is raised.
and if none currently exists and the +session_id+
exists. If false, a new session is never created,
a new session is only created if none currently
new_session:: if true, force creation of a new session. If not set,
a new session.
of the request, or automatically generated for
it is retrieved from the +session_key+ parameter
session_id:: the session id to use. If not provided, then
Defaults to '_session_id'.
session_key:: the parameter name used for the session id.

recognised:
CGI::Session instance. The following options are
+option+ is a hash of options for initialising this
+request+ is an instance of the +CGI+ class (see cgi.rb).

Create a new CGI::Session object for +request+. 
def initialize(request, option={})
  @new_session = false
  session_key = option['session_key'] || '_session_id'
  session_id = option['session_id']
  unless session_id
    if option['new_session']
      session_id = create_new_id
      @new_session = true
    end
  end
  unless session_id
    if request.key?(session_key)
      session_id = request[session_key]
      session_id = session_id.read if session_id.respond_to?(:read)
    end
    unless session_id
      session_id, = request.cookies[session_key]
    end
    unless session_id
      unless option.fetch('new_session', true)
        raise ArgumentError, "session_key `%s' should be supplied"%session_key
      end
      session_id = create_new_id
      @new_session = true
    end
  end
  @session_id = session_id
  dbman = option['database_manager'] || FileStore
  begin
    @dbman = dbman::new(self, option)
  rescue NoSession
    unless option.fetch('new_session', true)
      raise ArgumentError, "invalid session_id `%s'"%session_id
    end
    session_id = @session_id = create_new_id unless session_id
    @new_session=true
    retry
  end
  request.instance_eval do
    @output_hidden = {session_key => session_id} unless option['no_hidden']
    @output_cookies =  [
      Cookie::new("name" => session_key,
      "value" => session_id,
      "expires" => option['session_expires'],
      "domain" => option['session_domain'],
      "secure" => option['session_secure'],
      "path" =>
      if option['session_path']
        option['session_path']
      elsif ENV["SCRIPT_NAME"]
        File::dirname(ENV["SCRIPT_NAME"])
      else
      ""
      end)
    ] unless option['no_cookies']
  end
  @dbprot = [@dbman]
  ObjectSpace::define_finalizer(self, Session::callback(@dbprot))
end