vendor/rails/actionpack/lib/action_controller/cgi_ext/session.rb

   1 require 'digest/md5'
   2 require 'cgi/session'
   3 require 'cgi/session/pstore'
   4
   5 class CGI #:nodoc:
   6   # * Expose the CGI instance to session stores.
   7   # * Don't require 'digest/md5' whenever a new session id is generated.
   8   class Session #:nodoc:
   9     def self.generate_unique_id(constant = nil)
  10       ActiveSupport::SecureRandom.hex(16)
  11     end
  12
  13     # Make the CGI instance available to session stores.
  14     attr_reader :cgi
  15     attr_reader :dbman
  16     alias_method :initialize_without_cgi_reader, :initialize
  17     def initialize(cgi, options = {})
  18       @cgi = cgi
  19       initialize_without_cgi_reader(cgi, options)
  20     end
  21
  22     private
  23       # Create a new session id.
  24       def create_new_id
  25         @new_session = true
  26         self.class.generate_unique_id
  27       end
  28
  29     # * Don't require 'digest/md5' whenever a new session is started.
  30     class PStore #:nodoc:
  31       def initialize(session, option={})
  32         dir = option['tmpdir'] || Dir::tmpdir
  33         prefix = option['prefix'] || ''
  34         id = session.session_id
  35         md5 = Digest::MD5.hexdigest(id)[0,16]
  36         path = dir+"/"+prefix+md5
  37         path.untaint
  38         if File::exist?(path)
  39           @hash = nil
  40         else
  41           unless session.new_session
  42             raise CGI::Session::NoSession, "uninitialized session"
  43           end
  44           @hash = {}
  45         end
  46         @p = ::PStore.new(path)
  47         @p.transaction do |p|
  48           File.chmod(0600, p.path)
  49         end
  50       end
  51     end
  52   end
  53 end