I'm implementing a simpler version of the Cookie Session Store in Rails 2.0. If you know what that is, skip the next paragraph.

A cookie session store stores the session data inside cookies, on the client, and signs them using a secret string, hashed together. The user can decode the cookie easily if they know much about computers and see what's inside, but they can't alter it because they can't generate the needed hash to sign it, and the server will ignore all cookie session data that isn't signed right. It's neat, you don't need a database, no file system clutter, and I think it feels really just a lot more natural this way.

Trouble is, I'm trying to make it work as a drop-in replacement for the camping sessions mixin so people can 'upgrade' in either direction easily. Consider this code, however...

    require 'base64'

    def service(*a)
      if @cookies.identity
        blob, secure_hash = @cookies.identity.to_s.split(':')
        blob = Base64.decode64(blob)
        # Check the signature first; only unmarshal a blob that verifies.
        data = secure_blob_hasher(blob) == secure_hash ? Marshal.restore(blob) : {}
      else
        blob = ''
        data = {}
      end

      app = self.class.name.gsub(/^(\w+)::.+$/, '\1')
      @state = (data[app] ||= Camping::H[])
      hash_before = blob.hash
      return super(*a)
    ensure
      if data
        data[app] = @state
        blob = Marshal.dump(data)
        # Only rewrite the cookie when the serialized session changed.
        unless hash_before == blob.hash
          secure_hash = secure_blob_hasher(blob)
          @cookies.identity = Base64.encode64(blob).strip + ':' + secure_hash
        end
      end
    end

And there's quite a problem. Check out that line, return super(*a), and look at the camping source, and soon enough one realises the reason this doesn't work at all is that the code inside the super is the code converting @cookies into the Set-Cookie HTTP header, so it's too late to set a cookie by the time the ensure block runs and tries to save the session.

What should I do? It feels dirty to copy code out of camping.rb that serializes the cookies, in effect making it do that job twice every time the session data and any other cookie data changes (which wouldn't be a big deal for my app, but still seems nasty). Anyone got a better idea?


—
Jenna “Where's my oats” Fox
_______________________________________________
Camping-list mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/camping-list
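
Added example, not part of the original post or of Camping: a stand-alone sketch of the signed-cookie scheme described above, showing the check order that matters (verify the signature, then unmarshal). The post does not show secure_blob_hasher, so HMAC-SHA256, the SECRET constant and the function names here are assumptions.

```ruby
require 'openssl'

# Constructed secret for this example; a real one is long, random and server-side only.
SECRET = 'constructed-example-secret'

# Keyed hash over the serialized session (assumed stand-in for secure_blob_hasher).
def sign(blob)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, blob)
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Cookie value is "<base64 of Marshal blob>:<hex MAC>", as in the post.
def encode_session(data)
  blob = Marshal.dump(data)
  [blob].pack('m0') + ':' + sign(blob) # 'm0' = Base64 without line breaks
end

# Returns the session hash, or {} for anything missing, malformed or not signed by us.
def decode_session(cookie)
  encoded, mac = cookie.to_s.split(':', 2)
  return {} if encoded.nil? || mac.nil?
  blob = encoded.unpack1('m0')          # raises ArgumentError on invalid Base64
  return {} unless secure_equal?(sign(blob), mac)
  Marshal.load(blob)                    # reached only for bytes this server signed
rescue ArgumentError
  {}
end

if __FILE__ == $PROGRAM_NAME
  cookie = encode_session({ 'Blog' => { 'user_id' => 7 } })
  p decode_session(cookie)

  # Constructed tampering: new payload, old MAC. Rejected before Marshal.load runs.
  forged_blob = Marshal.dump({ 'Blog' => { 'user_id' => 1 } })
  forged = [forged_blob].pack('m0') + ':' + cookie.split(':', 2)[1]
  p decode_session(forged)
end
```
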
