Changeset 8176
- Timestamp:
- 11/21/07 04:28:59 (1 year ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/actionpack/lib/action_controller/cgi_process.rb
r8088 r8176 34 34 35 35 class CgiRequest < AbstractRequest #:nodoc: 36 attr_accessor :cgi, :session_options , :cookie_only36 attr_accessor :cgi, :session_options 37 37 class SessionFixationAttempt < StandardError; end #:nodoc: 38 38 … … 41 41 :prefix => "ruby_sess.", # prefix session file names 42 42 :session_path => "/", # available to all paths in app 43 :session_key => "_session_id", 43 44 :cookie_only => true 44 45 } unless const_defined?(:DEFAULT_SESSION_OPTIONS) … … 48 49 @session_options = session_options 49 50 @env = @cgi.send!(:env_table) 50 @cookie_only = session_options.delete :cookie_only51 51 super() 52 52 end … … 113 113 else 114 114 stale_session_check! do 115 if @cookie_only && request_parameters[session_options_with_string_keys['session_key']]115 if cookie_only? && query_parameters[session_options_with_string_keys['session_key']] 116 116 raise SessionFixationAttempt 117 117 end … … 159 159 end 160 160 161 def cookie_only? 162 session_options_with_string_keys['cookie_only'] 163 end 164 161 165 def stale_session_check! 162 166 yield
