Monday, May 24, 2010

rails session options

require 'action_controller/cgi_ext'
require 'action_controller/session/cookie_store'

module ActionController #:nodoc:
class Base
# Process a request extracted from a CGI object and return a response. Pass false as session_options to disable
# sessions (large performance increase if sessions are not needed). The session_options are the same as for CGI::Session:
# * :database_manager - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
# (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in
# lib/action_controller/session.
# * :session_key - the parameter name used for the session id. Defaults to '_session_id'.
# * :session_id - the session id to use. If not provided, then it is retrieved from the +session_key+ cookie, or
# automatically generated for a new session.
# * :new_session - if true, force creation of a new session. If not set, a new session is only created if none currently
# exists. If false, a new session is never created, and if none currently exists and the +session_id+ option is not set,
# an ArgumentError is raised.
# * :session_expires - the time the current session expires, as a Time object. If not set, the session will continue
# indefinitely.
# * :session_domain - the hostname domain for which this session is valid. If not set, defaults to the hostname of the
# server.
# * :session_secure - if +true+, this session will only work over HTTPS.
# * :session_path - the path for which this session applies. Defaults to the directory of the CGI script.
# * :cookie_only - if +true+ (the default), session IDs will only be accepted from cookies and not from
# the query string or POST parameters. This protects against session fixation attacks.
def self.process_cgi(cgi =, session_options = {})
new.process_cgi(cgi, session_options)

def process_cgi(cgi, session_options = {}) #:nodoc:
process(, session_options),


No comments :