redis-actionpack-json 4.0.0
- data/.gitignore +15 -0
- data/.travis.yml +7 -0
- data/CHANGELOG +450 -0
- data/README.md +23 -0
- data/redis-actionpack-json/.gitignore +4 -0
- data/redis-actionpack-json/Gemfile +6 -0
- data/redis-actionpack-json/MIT-LICENSE +20 -0
- data/redis-actionpack-json/Rakefile +8 -0
- data/redis-actionpack-json/lib/action_dispatch/middleware/session/redis_store_json.rb +24 -0
- data/redis-actionpack-json/lib/redis-actionpack-json.rb +4 -0
- data/redis-actionpack-json/lib/redis/actionpack/version.rb +5 -0
- data/redis-actionpack-json/redis-actionpack-json.gemspec +32 -0
- data/redis-actionpack-json/test/dummy/.gitignore +1 -0
- data/redis-actionpack-json/test/dummy/Rakefile +7 -0
- data/redis-actionpack-json/test/dummy/app/controllers/test_controller.rb +37 -0
- data/redis-actionpack-json/test/dummy/config.ru +4 -0
- data/redis-actionpack-json/test/dummy/config/application.rb +29 -0
- data/redis-actionpack-json/test/dummy/config/boot.rb +10 -0
- data/redis-actionpack-json/test/dummy/config/environment.rb +5 -0
- data/redis-actionpack-json/test/dummy/config/initializers/secret_token.rb +7 -0
- data/redis-actionpack-json/test/dummy/config/initializers/session_store.rb +11 -0
- data/redis-actionpack-json/test/dummy/config/routes.rb +3 -0
- data/redis-actionpack-json/test/dummy/script/rails +6 -0
- data/redis-actionpack-json/test/fixtures/session_autoload_test/session_autoload_test/foo.rb +10 -0
- data/redis-actionpack-json/test/integration/redis_store_integration_test.rb +130 -0
- data/redis-actionpack-json/test/integration/redis_store_json_integration_test.rb +130 -0
- data/redis-actionpack-json/test/redis/actionpack/version_test.rb +7 -0
- data/redis-actionpack-json/test/test_helper.rb +23 -0
- data/redis-rack-json/.gitignore +5 -0
- data/redis-rack-json/Gemfile +5 -0
- data/redis-rack-json/MIT-LICENSE +20 -0
- data/redis-rack-json/Rakefile +8 -0
- data/redis-rack-json/lib/rack/session/redis.rb +69 -0
- data/redis-rack-json/lib/redis-rack-json.rb +3 -0
- data/redis-rack-json/lib/redis/rack/version.rb +6 -0
- data/redis-rack-json/redis-rack-json.gemspec +29 -0
- data/redis-rack-json/test/rack/session/redis_test.rb +289 -0
- data/redis-rack-json/test/redis/rack/version_test.rb +7 -0
- data/redis-rack-json/test/test_helper.rb +7 -0
- data/redis-store-json/Gemfile +4 -0
- data/redis-store-json/MIT-LICENSE +20 -0
- data/redis-store-json/Rakefile +7 -0
- data/redis-store-json/lib/redis-store-json.rb +11 -0
- data/redis-store-json/lib/redis/distributed_store.rb +46 -0
- data/redis-store-json/lib/redis/factory.rb +41 -0
- data/redis-store-json/lib/redis/store.rb +47 -0
- data/redis-store-json/lib/redis/store/interface.rb +21 -0
- data/redis-store-json/lib/redis/store/namespace.rb +66 -0
- data/redis-store-json/lib/redis/store/strategy.rb +60 -0
- data/redis-store-json/lib/redis/store/strategy/json.rb +49 -0
- data/redis-store-json/lib/redis/store/strategy/json_session.rb +67 -0
- data/redis-store-json/lib/redis/store/strategy/marshal.rb +16 -0
- data/redis-store-json/lib/redis/store/strategy/yaml.rb +16 -0
- data/redis-store-json/lib/redis/store/ttl.rb +37 -0
- data/redis-store-json/lib/redis/store/version.rb +5 -0
- data/redis-store-json/lib/tasks/redis.tasks.rb +167 -0
- data/redis-store-json/redis-store-json.gemspec +29 -0
- data/redis-store-json/test/config/node-one.conf +46 -0
- data/redis-store-json/test/config/node-two.conf +46 -0
- data/redis-store-json/test/config/redis.conf +46 -0
- data/redis-store-json/test/redis/distributed_store_test.rb +53 -0
- data/redis-store-json/test/redis/factory_test.rb +120 -0
- data/redis-store-json/test/redis/store/interface_test.rb +27 -0
- data/redis-store-json/test/redis/store/namespace_test.rb +103 -0
- data/redis-store-json/test/redis/store/strategy/json_session_test.rb +160 -0
- data/redis-store-json/test/redis/store/strategy/json_test.rb +108 -0
- data/redis-store-json/test/redis/store/strategy/marshal_test.rb +121 -0
- data/redis-store-json/test/redis/store/strategy/yaml_test.rb +105 -0
- data/redis-store-json/test/redis/store/ttl_test.rb +107 -0
- data/redis-store-json/test/redis/store/version_test.rb +7 -0
- data/redis-store-json/test/redis/store_test.rb +45 -0
- data/redis-store-json/test/test_helper.rb +22 -0
- metadata +279 -0
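--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,23 @@
+# Rails 4 Redis session store with JSON serialization
+
+Require store and actionpack
+
+```
+gem 'redis-actionpack-json', '~> 4.0.0'
+gem 'redis-rack', '~> 1.5.2'
+gem 'redis-store', '~> 3.0.0'
+```
+
+Configure the session
+
+```
+MyApplication.config.session_store :redis_store,
+:key => '_session_key',
+:key_prefix => 'key_prefix_',
+:strategy => :json_session,
+:domain => :all,
+:server => {
+:host => :localhost,
+:port => 6379
+}
+```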
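--- a/data/redis-actionpack-json/MIT-LICENSE
+++ b/data/redis-actionpack-json/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2009 - 2011 Luca Guidi
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.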
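--- a/data/redis-actionpack-json/lib/action_dispatch/middleware/session/redis_store_json.rb
+++ b/data/redis-actionpack-json/lib/action_dispatch/middleware/session/redis_store_json.rb
@@ -0,0 +1,24 @@
+require 'redis-store-json'
+require 'redis-rack-json'
+require 'action_dispatch/middleware/session/abstract_store'
+
+module ActionDispatch
+module Session
+class RedisStoreJson < Rack::Session::Redis
+include Compatibility
+include StaleSessionCheck
+def initialize(app, options = {})
+options = options.dup
+options[:redis_server] ||= options[:servers] if options[:servers].present?
+super
+end
+
+private
+
+def set_cookie(env, session_id, cookie)
+request = ActionDispatch::Request.new(env)
+request.cookie_jar[key] = cookie
+end
+end
+end
+end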
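Review bot: Nothing in `initialize` selects the JSON serializer, so whether sessions are actually stored as JSON depends on the caller passing `:strategy => :json_session` (as the README does) or on a default in `Rack::Session::Redis` that this section does not show. The file list also ships `strategy/marshal.rb` and `strategy/yaml.rb`, and a session store that falls back to either of them deserializes whatever is in Redis into live Ruby objects. If the option does flow through this constructor, defaulting it before `super` with `options[:strategy] ||= :json_session` would make the safe format the default; please confirm against the parent class. A one-line comment on line 12 saying that `:servers` is accepted as an alias for `:redis_server` would also help the next reader.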
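--- a/data/redis-actionpack-json/redis-actionpack-json.gemspec
+++ b/data/redis-actionpack-json/redis-actionpack-json.gemspec
@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "redis/actionpack/version"
+
+Gem::Specification.new do |s|
+s.name = 'redis-actionpack-json'
+s.version = Redis::ActionPack::VERSION
+s.authors = ["Nathan Tsoi", "Luca Guidi", "Matt Horan"]
+s.email = ["nathan@vertile.com"]
+s.homepage = "http://github.com/nathantsoi/redis-store-json"
+s.summary = "Rails 4 Redis session store for ActionPack with JSON serialization"
+s.description = "Rails 4 Redis session store for ActionPack with JSON serialization"
+
+s.rubyforge_project = "redis-actionpack-json"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+
+s.add_runtime_dependency 'redis-store-json', '~> 3.0.0'
+s.add_runtime_dependency 'redis-rack-json', '~> 1.5.2'
+s.add_runtime_dependency 'actionpack', '~> 4.0.0.rc1'
+
+s.add_development_dependency 'rake', '~> 10'
+s.add_development_dependency 'bundler', '~> 1.2'
+s.add_development_dependency 'mocha', '~> 0.13.0'
+s.add_development_dependency 'minitest', '~> 4.3.1'
+s.add_development_dependency 'tzinfo'
+s.add_development_dependency 'mini_specunit'
+s.add_development_dependency 'mini_backtrace'
+end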
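Review bot: `s.homepage` on line 10 is a plain `http://` URL; switching it to `https://github.com/nathantsoi/redis-store-json` keeps the link shown on the gem's index page off cleartext HTTP. The spec declares no license even though an MIT-LICENSE file ships in the same directory, and `s.license = 'MIT'` would let dependency scanners read it. The runtime constraint `'actionpack', '~> 4.0.0.rc1'` admits release candidates, and `tzinfo`, `mini_specunit` and `mini_backtrace` carry no version constraint at all, so two builds of this gem's test suite can resolve to different code.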
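--- a/data/redis-actionpack-json/test/dummy/.gitignore
+++ b/data/redis-actionpack-json/test/dummy/.gitignore
@@ -0,0 +1 @@
+log/*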
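--- a/data/redis-actionpack-json/test/dummy/Rakefile
+++ b/data/redis-actionpack-json/test/dummy/Rakefile
@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks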
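--- a/data/redis-actionpack-json/test/dummy/app/controllers/test_controller.rb
+++ b/data/redis-actionpack-json/test/dummy/app/controllers/test_controller.rb
@@ -0,0 +1,37 @@
+class TestController < ActionController::Base
+def no_session_access
+head :ok
+end
+
+def set_session_value
+session[:foo] = "bar"
+head :ok
+end
+
+def set_session_value_with_expiry
+request.session_options[:expire_after] = 1.second
+set_session_value
+end
+
+def set_serialized_session_value
+session[:foo] = SessionAutoloadTest::Foo.new
+head :ok
+end
+
+def get_session_value
+render :text => "foo: #{session[:foo].inspect}"
+end
+
+def get_session_id
+render :text => "#{request.session_options[:id]}"
+end
+
+def call_reset_session
+session[:bar]
+reset_session
+session[:bar] = "baz"
+head :ok
+end
+
+def rescue_action(e) raise end
+end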
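Review bot: `set_serialized_session_value` (line 17) stores a `SessionAutoloadTest::Foo` instance in the session, and the integration tests expect it to be read back as `#<SessionAutoloadTest::Foo bar:"baz">`. With a JSON serializer that round trip only works if the strategy revives classes named in the stored data, or if the tests are in fact running a non-JSON strategy; neither is visible in this section. Class revival from Redis contents reintroduces the object-instantiation exposure that moving off Marshal is meant to remove, so it is worth confirming which of the two applies and recording it in a comment above the action, e.g. `# Stores a non-primitive on purpose; see the json_session strategy for how it is (de)serialized.`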
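--- a/data/redis-actionpack-json/test/dummy/config/application.rb
+++ b/data/redis-actionpack-json/test/dummy/config/application.rb
@@ -0,0 +1,29 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+
+Bundler.require
+
+module Dummy
+class Application < Rails::Application
+# Disable class caching for session auto-load test
+config.cache_classes = false
+
+# Log error messages when you accidentally call methods on nil
+config.whiny_nils = true
+
+# Show full error reports and disable caching
+config.consider_all_requests_local = true
+config.action_controller.perform_caching = false
+
+# Raise exceptions instead of rendering exception templates
+config.action_dispatch.show_exceptions = false
+
+# Disable request forgery protection in test environment
+config.action_controller.allow_forgery_protection = false
+
+# Print deprecation notices to the stderr
+config.active_support.deprecation = :stderr
+end
+end
+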
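Review bot: Lines 16 and 23 set `consider_all_requests_local = true` and `allow_forgery_protection = false` directly in the `Application` class body, so they apply in every environment even though the comment on line 22 says "in test environment". This is a dummy app, but it ships inside the published gem and is easy to copy as a starting point. Either state that at the top of the class, e.g. `# Test-only dummy app: CSRF protection and error masking are disabled on purpose.`, or move the two settings into a test environment file. `config.whiny_nils` on line 13 looks deprecated for the Rails 4.0 line the gemspec targets; please confirm.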
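--- a/data/redis-actionpack-json/test/dummy/config/initializers/secret_token.rb
+++ b/data/redis-actionpack-json/test/dummy/config/initializers/secret_token.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'a7d2ff143cdb3d1f9470a3ce2df7bb220a9c4498cb5c4a35150705de6719114b12ab7512a9618a2d3c25f8d6e62ab22c042445ed856ff674f4ee2faabd9d2041'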
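Review bot: Line 7 commits a fixed `secret_token` literal into a file that ships with the published gem, so the value is public and any app booted from, or copied from, this dummy signs its cookies with a known key. A test fixture works just as well with a per-process random value: `Dummy::Application.config.secret_token = SecureRandom.hex(64)` with `require 'securerandom'` above it. If a stable value is needed across processes, read it from the environment rather than from source.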
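--- a/data/redis-actionpack-json/test/dummy/config/initializers/session_store.rb
+++ b/data/redis-actionpack-json/test/dummy/config/initializers/session_store.rb
@@ -0,0 +1,11 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :redis_store,
+:key => '_session_id',
+:servers => ["redis://127.0.0.1:6380/1/theplaylist",
+"redis://127.0.0.1:6381/1/theplaylist"]
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store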
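Review bot: The dummy app registers `:redis_store` on line 3, which Rails resolves by camelizing to `ActionDispatch::Session::RedisStore`, while the class this package adds is `ActionDispatch::Session::RedisStoreJson`. Unless an alias is defined in a file not shown here, the integration tests run against a different store or fail to load one, and no `:strategy` is passed either, so the JSON path may never be exercised. Registering `:redis_store_json` and adding `:strategy => :json_session` to the option list would tie the tests to the code under review. The README example uses the same `:redis_store` symbol and deserves the same check.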
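--- a/data/redis-actionpack-json/test/dummy/script/rails
+++ b/data/redis-actionpack-json/test/dummy/script/rails
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require File.expand_path('../../config/boot', __FILE__)
+require 'rails/commands'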
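--- a/data/redis-actionpack-json/test/integration/redis_store_integration_test.rb
+++ b/data/redis-actionpack-json/test/integration/redis_store_integration_test.rb
@@ -0,0 +1,130 @@
+require 'test_helper'
+
+class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
+it "reads the data" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: "bar"'
+end
+
+it "should get nil session value" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+
+it "should delete the data after session reset" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_cookie = cookies.send(:hash_for)['_session_id']
+
+get '/call_reset_session'
+response.must_be :success?
+headers['Set-Cookie'].wont_equal []
+
+cookies << session_cookie
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+
+it "should not send cookies on write, not read" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+cookies['_session_id'].must_be_nil
+end
+
+it "should set session value after session reset" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_id = cookies['_session_id']
+
+get '/call_reset_session'
+response.must_be :success?
+headers['Set-Cookie'].wont_equal []
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+
+get '/get_session_id'
+response.must_be :success?
+response.body.wont_equal session_id
+end
+
+it "should be able to read session id without accessing the session hash" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_id = cookies['_session_id']
+
+get '/get_session_id'
+response.must_be :success?
+response.body.must_equal session_id
+end
+
+it "should auto-load unloaded class" do
+with_autoload_path "session_autoload_test" do
+get '/set_serialized_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+end
+
+with_autoload_path "session_autoload_test" do
+get '/get_session_id'
+assert_response :success
+end
+
+with_autoload_path "session_autoload_test" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
+end
+end
+
+it "should not resend the cookie again if session_id cookie is already exists" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+
+get '/get_session_value'
+response.must_be :success?
+headers['Set-Cookie'].must_be_nil
+end
+
+it "should prevent session fixation" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+session_id = cookies['_session_id']
+
+reset!
+
+get '/set_session_value', :_session_id => session_id
+response.must_be :success?
+cookies['_session_id'].wont_equal session_id
+end
+
+it "should write the data with expiration time" do
+get '/set_session_value_with_expiry'
+response.must_be :success?
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: "bar"'
+
+sleep 1
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+end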
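Review bot: The "should prevent session fixation" test (lines 103–114) cannot fail for the reason it names. `session_id` is read from `cookies['_session_id']` after a read-only `get '/get_session_value'`, and the test at lines 37–42 asserts that this cookie is nil after exactly that request, so the value submitted as `:_session_id` is nil and `wont_equal session_id` passes as soon as any cookie is issued. Add `session_id.wont_be_nil` after line 107, or take the id from a preceding `get '/set_session_value'`, so the test really submits a known id and checks that the server issues a different one. The same test is repeated in the second 130-line test section.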
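--- a/data/redis-actionpack-json/test/integration/redis_store_json_integration_test.rb
+++ b/data/redis-actionpack-json/test/integration/redis_store_json_integration_test.rb
@@ -0,0 +1,130 @@
+require 'test_helper'
+
+class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
+it "reads the data" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: "bar"'
+end
+
+it "should get nil session value" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+
+it "should delete the data after session reset" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_cookie = cookies.send(:hash_for)['_session_id']
+
+get '/call_reset_session'
+response.must_be :success?
+headers['Set-Cookie'].wont_equal []
+
+cookies << session_cookie
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+
+it "should not send cookies on write, not read" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+cookies['_session_id'].must_be_nil
+end
+
+it "should set session value after session reset" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_id = cookies['_session_id']
+
+get '/call_reset_session'
+response.must_be :success?
+headers['Set-Cookie'].wont_equal []
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+
+get '/get_session_id'
+response.must_be :success?
+response.body.wont_equal session_id
+end
+
+it "should be able to read session id without accessing the session hash" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+session_id = cookies['_session_id']
+
+get '/get_session_id'
+response.must_be :success?
+response.body.must_equal session_id
+end
+
+it "should auto-load unloaded class" do
+with_autoload_path "session_autoload_test" do
+get '/set_serialized_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+end
+
+with_autoload_path "session_autoload_test" do
+get '/get_session_id'
+assert_response :success
+end
+
+with_autoload_path "session_autoload_test" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
+end
+end
+
+it "should not resend the cookie again if session_id cookie is already exists" do
+get '/set_session_value'
+response.must_be :success?
+cookies['_session_id'].wont_be_nil
+
+get '/get_session_value'
+response.must_be :success?
+headers['Set-Cookie'].must_be_nil
+end
+
+it "should prevent session fixation" do
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+session_id = cookies['_session_id']
+
+reset!
+
+get '/set_session_value', :_session_id => session_id
+response.must_be :success?
+cookies['_session_id'].wont_equal session_id
+end
+
+it "should write the data with expiration time" do
+get '/set_session_value_with_expiry'
+response.must_be :success?
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: "bar"'
+
+sleep 1
+
+get '/get_session_value'
+response.must_be :success?
+response.body.must_equal 'foo: nil'
+end
+end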
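Review bot: This file appears to be line-for-line identical to the preceding 130-line test section and reopens the same class name, `RedisStoreJsonIntegrationTest`, so the second copy adds no coverage and most likely just redefines the same specs. If one of the two is meant to cover the plain store and the other the JSON strategy, each needs its own class name and its own store configuration, since nothing in either file selects a strategy. Otherwise one copy can be dropped.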