1 require 'action_controller/session/cookie_store'
2 require 'action_controller/session/drb_store'
3 require 'action_controller/session/mem_cache_store'
4 if Object
.const_defined
?(:ActiveRecord)
5 require 'action_controller/session/active_record_store'
8 module ActionController
#:nodoc:
9 module SessionManagement
#:nodoc:
10 def self.included(base
)
13 alias_method_chain
:process, :session_management_support
14 alias_method_chain
:process_cleanup, :session_management_support
19 # Set the session store to be used for keeping the session data between requests.
20 # By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),
21 # but you can also specify one of the other included stores (<tt>:active_record_store</tt>,
22 # <tt>:p_store</tt>, <tt>:drb_store</tt>, <tt>:mem_cache_store</tt>, or
23 # <tt>:memory_store</tt>) or your own custom class.
def session_store=(store)
  # Selects the class that persists session data between requests and records
  # it under :database_manager in ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS.
  #
  # store:: a Symbol naming a store, or a custom store class. A Symbol is
  #         camelized and looked up as a constant under CGI::Session
  #         (:drb_store is special-cased to "DRbStore"); anything else is
  #         stored exactly as given.
  #
  # The Symbol branch resolves a constant by name, so the value should come
  # from application configuration rather than from request data.
  #
  # NOTE(review): the default :cookie_store keeps the session payload in the
  # browser. Whether that payload is only integrity-protected or also
  # encrypted is decided in cookie_store.rb, not here -- confirm before
  # placing anything confidential in the session.
  manager =
    if store.is_a?(Symbol)
      class_name = store == :drb_store ? "DRbStore" : store.to_s.camelize
      CGI::Session.const_get(class_name)
    else
      store
    end

  ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] = manager
end
29 # Returns the session store class currently used.
31 ActionController
::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager]
34 # Returns the hash used to configure the session. Example use:
36 # ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS
38 ActionController
::CgiRequest::DEFAULT_SESSION_OPTIONS
41 # Specify how sessions ought to be managed for a subset of the actions on
42 # the controller. Like filters, you can specify <tt>:only</tt> and
43 # <tt>:except</tt> clauses to restrict the subset, otherwise options
44 # apply to all actions on this controller.
46 # The session options are inheritable, as well, so if you specify them in
47 # a parent controller, they apply to controllers that extend the parent.
51 # # turn off session management for all actions.
54 # # turn off session management for all actions _except_ foo and bar.
55 # session :off, :except => %w(foo bar)
57 # # turn off session management for only the foo and bar actions.
58 # session :off, :only => %w(foo bar)
60 # # the session will only work over HTTPS, but only for the foo action
61 # session :only => :foo, :session_secure => true
63 # # the session cookie is marked HttpOnly by default, so client-side script cannot read it.
64 # # this can be switched off.
65 # session :only => :foo, :session_http_only => false
67 # # the session will only be disabled for 'foo', and only if it is
68 # # requested as a web service
69 # session :off, :only => :foo,
70 # :if => Proc.new { |req| req.parameters[:ws] }
72 # # the session will be disabled for non html/ajax requests
74 # :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
76 # # turn the session back on, useful when it was turned off in the
77 # # application controller, and you need it on in another controller
80 # All session options described for ActionController::Base.process_cgi
81 # are valid arguments.
83 options
= args
.extract_options
!
85 options
[:disabled] = false if args
.delete(:on)
86 options
[:disabled] = true if !args
.empty
?
87 options
[:only] = [*options
[:only]].map
{ |o
| o
.to_s
} if options
[:only]
88 options
[:except] = [*options
[:except]].map
{ |o
| o
.to_s
} if options
[:except]
89 if options
[:only] && options
[:except]
90 raise ArgumentError
, "only one of either :only or :except are allowed"
93 write_inheritable_array(:session_options, [options
])
96 # So we can declare session options in the Rails initializer.
97 alias_method
:session=, :session
def cached_session_options #:nodoc:
  # Returns the inherited :session_options declarations, or an empty array
  # when none were declared. The result is memoised in @session_options on
  # the receiver; nothing in this method refreshes it, so declarations
  # written after the first call are not reflected in the cached value.
  @session_options ||= begin
    inherited = read_inheritable_attribute(:session_options)
    inherited || []
  end
end
103 def session_options_for(request
, action
) #:nodoc:
104 if (session_options
= cached_session_options
).empty
?
110 session_options
.each
do |opts
|
111 next if opts
[:if] && !opts
[:if].call(request
)
112 if opts
[:only] && opts
[:only].include?(action
)
114 elsif opts
[:except] && !opts
[:except].include?(action
)
116 elsif !opts
[:only] && !opts
[:except]
121 if options
.empty
? then options
124 options
.delete
:except
126 options
[:disabled] ? false : options
def process_with_session_management_support(request, response, method = :perform_action, *arguments) #:nodoc:
  # Wrapper installed around +process+ by the alias_method_chain call in
  # self.included. It resolves the session options for this request first,
  # then hands every argument on unchanged to the un-wrapped implementation,
  # so the session settings are in place before that implementation runs.
  set_session_options(request)

  forwarded = [request, response, method] + arguments
  process_without_session_management_support(*forwarded)
end
def set_session_options(request)
  # Stores on the request the session options that apply to the action being
  # requested, as computed by the class-level session_options_for.
  #
  # The action name is read from the request parameters and falls back to
  # "index" when absent. It is therefore a request-derived value: the
  # :only / :except lists declared with +session+ are matched against it, so
  # per-action settings such as :session_secure or :off follow whatever
  # action name reaches this point.
  # NOTE(review): presumably routing has already constrained
  # parameters["action"] to a real action -- confirm against the caller.
  action_name = request.parameters["action"] || "index"
  request.session_options = self.class.session_options_for(request, action_name)
end
def process_cleanup_with_session_management_support
  # Wrapper installed around +process_cleanup+ by the alias_method_chain call
  # in self.included. Association caches held by objects in the session are
  # cleared first, then the un-wrapped cleanup runs.
  clear_persistent_model_associations()
  process_cleanup_without_session_management_support()
end
147 # Clear cached associations in session data so they don't overflow
148 # the database field. Only applies to ActiveRecordStore since there
149 # is not a standard way to iterate over session data.
150 def clear_persistent_model_associations
#:doc:
151 if defined?(@_session) && @_session.respond_to
?(:data)
152 session_data
= @_session.data
154 if session_data
&& session_data
.respond_to
?(:each_value)
155 session_data
.each_value
do |obj
|
156 obj
.clear_association_cache
if obj
.respond_to
?(:clear_association_cache)