Class: ActiveRecord::SessionStore::Session
- Inherits:
-
Base
- Object
- Base
- ActiveRecord::SessionStore::Session
- Extended by:
- ClassMethods
- Defined in:
- lib/active_record/session_store/session.rb
Overview
The default Active Record class.
Constant Summary collapse
- SEMAPHORE =
Mutex.new
Class Method Summary collapse
- .data_column_size_limit ⇒ Object
-
.find_by_session_id(session_id) ⇒ Object
Hook to set up sessid compatibility.
Instance Method Summary collapse
-
#data ⇒ Object
Lazy-deserialize session state.
- #data=(data) ⇒ Object
-
#data_column_name ⇒ Object
:singleton-method: Customizable data column name.
-
#initialize ⇒ Session
constructor
A new instance of Session.
-
#loaded? ⇒ Boolean
Has the session been loaded yet?.
-
#secure! ⇒ Object
This method was introduced when addressing CVE-2019-16782 (see https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3).
Methods included from ClassMethods
create_table!, deserialize, drop_table!, serialize, serializer_class
Constructor Details
#initialize ⇒ Session
Returns a new instance of Session.
61 62 63 64 |
# File 'lib/active_record/session_store/session.rb', line 61 def initialize(*) @data = nil super end |
Class Method Details
.data_column_size_limit ⇒ Object
21 22 23 |
# File 'lib/active_record/session_store/session.rb', line 21 def data_column_size_limit @data_column_size_limit ||= columns_hash[data_column_name].limit end |
.find_by_session_id(session_id) ⇒ Object
Hook to set up sessid compatibility.
26 27 28 29 |
# File 'lib/active_record/session_store/session.rb', line 26 def find_by_session_id(session_id) SEMAPHORE.synchronize { setup_sessid_compatibility! } find_by_session_id(session_id) end |
Instance Method Details
#data ⇒ Object
Lazy-deserialize session state.
67 68 69 |
# File 'lib/active_record/session_store/session.rb', line 67 def data @data ||= self.class.deserialize(read_attribute(@@data_column_name)) || {} end |
#data=(data) ⇒ Object
71 72 73 74 |
# File 'lib/active_record/session_store/session.rb', line 71 def data=(data) attribute_will_change!(@@data_column_name) if data != self.data @data = data end |
#data_column_name ⇒ Object
:singleton-method: Customizable data column name. Defaults to 'data'.
14 |
# File 'lib/active_record/session_store/session.rb', line 14 cattr_accessor :data_column_name |
#loaded? ⇒ Boolean
Has the session been loaded yet?
77 78 79 |
# File 'lib/active_record/session_store/session.rb', line 77 def loaded? @data end |
#secure! ⇒ Object
This method was introduced when addressing CVE-2019-16782 (see https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3). Sessions created on version <= 1.1.3 were guessable via a timing attack. To secure sessions created on those old versions, this method can be called on all existing sessions in the database. Users will not lose their session when this is done.
87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/active_record/session_store/session.rb', line 87 def secure! session_id_column = if self.class.columns_hash['sessid'] :sessid else :session_id end raw_session_id = read_attribute(session_id_column) if ActionDispatch::Session::ActiveRecordStore.private_session_id?(raw_session_id) # is already private, nothing to do else session_id_object = Rack::Session::SessionId.new(raw_session_id) update_column(session_id_column, session_id_object.private_id) end end |