a guest
Feb 20th, 2018
# For what I have done, please forgive me.
# This monkey patch adds in the HttpOnly support for the session cookie
# This is present and accepted into Rails 2.2 at the time of writing, but not in Rails 2.1.
# You can remove this and set HttpOnly properly when moving to Rails 2.2

module ActionController
  class RackRequest
    DEFAULT_SESSION_OPTIONS = {
      :database_manager  => CGI::Session::CookieStore, # store data in cookie
      :prefix            => "ruby_sess.",              # prefix session file names
      :session_path      => "/",                       # available to all paths in app
      :session_key       => "_session_id",
      :cookie_only       => true,
      :session_http_only => true                       # send the session cookie with the HttpOnly flag
    }
  end

  class CgiRequest
    DEFAULT_SESSION_OPTIONS = {
      :database_manager  => CGI::Session::CookieStore, # store data in cookie
      :prefix            => "ruby_sess.",              # prefix session file names
      :session_path      => "/",                       # available to all paths in app
      :session_key       => "_session_id",
      :cookie_only       => true,
      :session_http_only => true                       # send the session cookie with the HttpOnly flag
    }
  end
end

class CGI::Session::CookieStore

  def initialize(session, options = {})
    # The session_key option is required.
    if options['session_key'].blank?
      raise ArgumentError, 'A session_key is required to write a cookie containing the session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
    end

    # The secret option is required.
    ensure_secret_secure(options['secret'])

    # Keep the session and its secret on hand so we can read and write cookies.
    @session, @secret = session, options['secret']

    # Message digest defaults to SHA1.
    @digest = options['digest'] || 'SHA1'

    # Default cookie options derived from session settings.
    # 'http_only' is the entry this patch adds; it carries the
    # :session_http_only setting through to the cookie that is written.
    @cookie_options = {
      'name'      => options['session_key'],
      'path'      => options['session_path'],
      'domain'    => options['session_domain'],
      'expires'   => options['session_expires'],
      'secure'    => options['session_secure'],
      'http_only' => options['session_http_only']
    }

    # Set no_hidden and no_cookies since the session id is unused and we
    # set our own data cookie.
    options['no_hidden'] = true
    options['no_cookies'] = true
  end
end