redis-session-store 0.6.6 → 0.7.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    Mjc5NmUwYjhlZjRlZDZkMTYxYmFmNDM2Mzg4ZTI1MmVkNzgxNjUxNA==
-  data.tar.gz: !binary |-
-    OGU1ZGZhYTU3MmYzZWRlMzAzOTdmMWE4NjdmMDQxMDlkMDExOTE2NQ==
+SHA1:
+  metadata.gz: b4d846842edbd5ebc0a653e24f80ca303150c390
+  data.tar.gz: be0006a20a902ca97e52e6907b90c9a1dfa22bdb
 SHA512:
-  metadata.gz: !binary |-
-    OWFmYjQ1MTJlODFjZGUxM2RiZDBhYzRkYTczYzUyZTAxYjQxYmQ1ZjU1YjQ2
-    YzhjZjhiMjY1YzIzMDNkNjJkNTMzZGY2YWE5N2FhYTI2NzdlZjYwMTQzZjU5
-    YjU0M2E0ZGNlOTJhNzQ1ZWYwMzAwYWQwMGJiZjE0NDQwOTAyMDU=
-  data.tar.gz: !binary |-
-    Y2YwMGRjZWFhMGFhYjg5NGEzNTBkMDljOGI0NGNjYjcxNWRkZWIyYzEyNmJm
-    ODFjYjAyYjQxNWMxNzVlZTc1NDBhNWMwMmRhNGYzMTA1ZDVhNjBhY2Q3MGM1
-    OGQ3ZmYxODcwZjY5MmFiMzIwNDNlOWY1YzlmYWY2ZTEzZmE3NWE=
+  metadata.gz: fa7412de4681ecc8646093aaa4920ae8b4b5683a814cbf9ef73d04003995aefa2c2f8a64371cc73c496dbe517b49b9b934cb6b9975cc754ba40403db82a3a0ca
+  data.tar.gz: d250e8895eed17ad83493c0bcab9c92c05c6ca92e88f41f05ae11f06c7c97e51923d39ea1e6b017554453885f8111166ec025b6be4875b3611813f4a8e410a0b

data/CHANGELOG.md

@@ -1,6 +1,12 @@
 redis-session-store history
 ===========================
 
+## v0.7.0 (2014-04-22)
+
+* Fix issue #38, we now delay writing to redis until a session exists. This is
+  a backwards-incompatible change, as it removes the `on_sid_collision` option.
+  There is now no checking for sid collisions, however that is very unlikely.
+
 ## v0.6.6 (2014-04-08)
 
 * Fix issue #37, use correct constant for `ENV_SESSION_OPTIONS_KEY` if not

data/README.md

@@ -48,19 +48,6 @@ My::Application.config.session_store :redis_session_store, {
 }
 ```
 
-### Session ID collision handling
-
-If you want to handle cases where the generated session ID (sid)
-collides with an existing session ID, a custom callable handler may be
-provided as `on_sid_collision`:
-
-``` ruby
-My::Application.config.session_store :redis_session_store, {
-  # ... other options ...
-  on_sid_collision: ->(sid) { Rails.logger.warn("SID collision! #{sid}") }
-}
-```
-
 ### Redis unavailability handling
 
 If you want to handle cases where Redis is unavailable, a custom

data/lib/redis-session-store.rb

@@ -4,7 +4,7 @@ require 'redis'
 # Redis session storage for Rails, and for Rails only. Derived from
 # the MemCacheStore code, simply dropping in Redis instead.
 class RedisSessionStore < ActionDispatch::Session::AbstractStore
-  VERSION = '0.6.6'
+  VERSION = '0.7.0'
   # Rails 3.1 and beyond defines the constant elsewhere
   unless defined?(ENV_SESSION_OPTIONS_KEY)
     ENV_SESSION_OPTIONS_KEY = Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY
@@ -18,7 +18,6 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
   #   * +:db+ - Database number, defaults to 0.
   #   * +:key_prefix+ - Prefix for keys used in Redis, e.g. +myapp:+
   #   * +:expire_after+ - A number in seconds for session timeout
-  # * +:on_sid_collision:+ - Called with SID string when generated SID collides
   # * +:on_redis_down:+ - Called with err, env, and SID on Errno::ECONNREFUSED
   # * +:on_session_load_error:+ - Called with err and SID on Marshal.load fail
   # * +:serializer:+ - Serializer to use on session data, default is :marshal.
@@ -34,7 +33,6 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
   #         host: 'host', # Redis host name, default is localhost
   #         port: 12345   # Redis port, default is 6379
   #       },
-  #       on_sid_collision: ->(sid) { logger.warn("SID collision! #{sid}") },
   #       on_redis_down: ->(*a) { logger.error("Redis down! #{a.inspect}") }
   #       serializer: :hybrid # migrate from Marshal to JSON
   #     }
@@ -47,21 +45,35 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
     @default_options.merge!(namespace: 'rack:session')
     @default_options.merge!(redis_options)
     @redis = Redis.new(redis_options)
-    @on_sid_collision = options[:on_sid_collision]
     @on_redis_down = options[:on_redis_down]
     @serializer = determine_serializer(options[:serializer])
     @on_session_load_error = options[:on_session_load_error]
     verify_handlers!
   end
 
-  attr_accessor :on_sid_collision, :on_redis_down, :on_session_load_error
+  attr_accessor :on_redis_down, :on_session_load_error
 
   private
 
   attr_reader :redis, :key, :default_options, :serializer
 
+  # overrides method defined in rack to actually verify session existence
+  # Prevents needless new sessions from being created in scenario where
+  # user HAS session id, but it already expired, or is invalid for some
+  # other reason, and session was accessed only for reading.
+  def session_exists?(env)
+    value = current_session_id(env)
+
+    value && !value.empty? &&
+      redis.exists(prefixed(value)) # new behavior
+  rescue Errno::ECONNREFUSED => e
+    on_redis_down.call(e, env, value) if on_redis_down
+
+    true
+  end
+
   def verify_handlers!
-    %w(on_sid_collision on_redis_down on_session_load_error).each do |h|
+    %w(on_redis_down on_session_load_error).each do |h|
       if (handler = public_send(h)) && !handler.respond_to?(:call)
         fail ArgumentError, "#{h} handler is not callable"
       end
@@ -72,19 +84,6 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
     "#{default_options[:key_prefix]}#{sid}"
   end
 
-  def generate_sid
-    loop do
-      sid = super
-      break sid unless sid_collision?(sid)
-    end
-  end
-
-  def sid_collision?(sid)
-    !redis.setnx(prefixed(sid), nil).tap do |value|
-      on_sid_collision.call(sid) if !value && on_sid_collision
-    end
-  end
-
   def get_session(env, sid)
     unless sid && (session = load_session_from_redis(sid))
       sid = generate_sid

data/spec/redis_session_store_spec.rb

@@ -163,6 +163,56 @@ describe RedisSessionStore do
     end
   end
 
+  describe 'checking for session existence' do
+    let(:session_id) { 'foo' }
+
+    before do
+      store.stub(:current_session_id).with(:env).and_return(session_id)
+    end
+
+    context 'when session id is not provided' do
+      context 'when session id is nil' do
+        let(:session_id) { nil }
+        it 'should return false' do
+          store.send(:session_exists?, :env).should be_false
+        end
+      end
+
+      context 'when session id is empty string' do
+        let(:session_id) { '' }
+        it 'should return false' do
+          store.stub(:current_session_id).with(:env).and_return('')
+          store.send(:session_exists?, :env).should be_false
+        end
+      end
+    end
+
+    context 'when session id is provided' do
+      let(:redis) { double('redis').tap { |o| store.stub(redis: o) } }
+
+      context 'when session id does not exist in redis' do
+        it 'should return false' do
+          redis.should_receive(:exists).with('foo').and_return(false)
+          store.send(:session_exists?, :env).should be_false
+        end
+      end
+
+      context 'when session id exists in redis' do
+        it 'should return true' do
+          redis.should_receive(:exists).with('foo').and_return(true)
+          store.send(:session_exists?, :env).should be_true
+        end
+      end
+
+      context 'when redis is down' do
+        it 'should return true (fallback to old behavior)' do
+          store.stub(:redis).and_raise(Errno::ECONNREFUSED)
+          store.send(:session_exists?, :env).should be_true
+        end
+      end
+    end
+  end
+
   describe 'fetching a session' do
     let :options do
       {
@@ -259,54 +309,6 @@ describe RedisSessionStore do
     end
   end
 
-  describe 'generating a sid' do
-    before { store.on_sid_collision = ->(sid) { @sid = sid } }
-
-    context 'when the generated sid is unique' do
-      before do
-        redis = double('redis', setnx: true)
-        store.stub(redis: redis)
-      end
-
-      it 'returns the sid' do
-        expect(store.send(:generate_sid)).to_not be_nil
-      end
-
-      it 'does not pass the unique sid to the collision handler' do
-        store.send(:sid_collision?, 'whatever')
-        expect(@sid).to eql(nil)
-      end
-    end
-
-    context 'when there is a generated sid collision' do
-      before do
-        redis = double('redis', setnx: false)
-        store.stub(redis: redis)
-      end
-
-      it 'passes the colliding sid to the collision handler' do
-        store.send(:sid_collision?, 'whatever')
-        expect(@sid).to eql('whatever')
-      end
-    end
-
-    it 'does not allow two processes to get the same sid' do
-      redis = Redis.new
-      store1 = RedisSessionStore.new(nil, options)
-      store1.stub(redis: redis)
-      store2 = RedisSessionStore.new(nil, options)
-      store2.stub(redis: redis)
-
-      # While this is stubbing out a method defined in spec/support.rb,
-      # Rails does use SecureRandom for the random string
-      store1.stub(:rand).and_return(1000)
-      store2.stub(:rand).and_return(1000, 1001)
-
-      expect(store1.send(:generate_sid)).to eq('3e8')
-      expect(store2.send(:generate_sid)).to eq('3e9')
-    end
-  end
-
   describe 'session encoding' do
     let(:env)          { double('env') }
     let(:session_id)   { 12_345 }
@@ -447,7 +449,7 @@ describe RedisSessionStore do
   end
 
   describe 'validating custom handlers' do
-    %w(on_redis_down on_sid_collision on_session_load_error).each do |h|
+    %w(on_redis_down on_session_load_error).each do |h|
       context 'when nil' do
         it 'does not explode at init' do
           expect { store }.to_not raise_error

metadata

@@ -1,97 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: redis-session-store
 version: !ruby/object:Gem::Version
-  version: 0.6.6
+  version: 0.7.0
 platform: ruby
 authors:
 - Mathias Meyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-09 00:00:00.000000000 Z
+date: 2014-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fakeredis
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A drop-in replacement for e.g. MemCacheStore to store Rails sessions
@@ -105,11 +105,11 @@ extra_rdoc_files:
 - AUTHORS.md
 - CONTRIBUTING.md
 files:
-- .gitignore
-- .rspec
-- .rubocop.yml
-- .simplecov
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".simplecov"
+- ".travis.yml"
 - AUTHORS.md
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -132,12 +132,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -148,3 +148,4 @@ specification_version: 4
 summary: A drop-in replacement for e.g. MemCacheStore to store Rails sessions (and
   Rails sessions only) in Redis.
 test_files: []
+has_rdoc: true