Sha256: 8b2116c3b0cf35b4647f409195d7b0ab9d0aea9474d359796186fbfcb2286e57

Contents?: true

Size: 1.29 KB

Versions: 16

Compression:

Stored size: 1.29 KB

Contents

# frozen_string_literal: true

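# Rack middleware that removes the Rails session cookie from the response's
# Set-Cookie header when the request is neither under /users nor made by a
# signed-in (Warden/Devise) user, and that explicitly expires the session
# cookie on sign-out.
#
# NOTE(review): presumably this keeps anonymous responses free of per-visitor
# cookies (e.g. for caching) - confirm the intent with the engine's authors.
class RemoveSession
  # NOTE(review): Rack 3 requires lower-case header names. If +headers+ is a
  # plain Hash keyed by 'set-cookie', this lookup returns nil and the
  # middleware silently strips nothing - confirm against the Rack version in use.
  SET_COOKIE = 'Set-Cookie'

  # @param app [#call] the next Rack application in the stack
  def initialize(app)
    @app = app
  end

  # Runs the downstream app, then post-processes its Set-Cookie header.
  #
  # @param env [Hash] the Rack environment
  # @return [Array(Integer, Hash, #each)] the Rack response triplet
  def call(env)
    status, headers, body = @app.call(env)

    path = env['PATH_INFO'].to_s
    user_key = env['rack.session'].try(:[], 'warden.user.user.key')

    # Don't delete the session cookie if:
    #   - We're in the process of logging in (breaks CSRF for sign in form)
    #   - We're logged in (needed for Devise)
    #   - The response sets no cookies at all
    # The prefix test is anchored at the start of the whole path; a `^` regex
    # would also match after an embedded newline.
    skip_delete = path.start_with?('/users') ||
                  user_key.present? ||
                  headers[SET_COOKIE].blank?

    signing_out = path == '/users/sign_out'

    unless skip_delete
      # Delete ONLY the session cookie.
      remaining = without_session_cookie(headers[SET_COOKIE])
      if remaining.empty?
        # Nothing left to set: drop the header rather than emit an empty one.
        headers.delete(SET_COOKIE)
      else
        headers[SET_COOKIE] = remaining
      end
    end

    if signing_out
      # Clear out the session cookie so the browser won't send it again.
      Rack::Utils.delete_cookie_header!(headers, session_key, path: '/')
    end

    [status, headers, body]
  end

  private

  # @return [String] the configured name of the Rails session cookie
  def session_key
    Rails.application.config.session_options[:key]
  end

  # Returns +header+ with the session cookie entry removed, keeping the shape
  # it came in: a newline-joined String stays a String, an Array stays an
  # Array. Any other value yields an empty String.
  #
  # Entries are matched on the exact cookie name ("<key>=" prefix). An
  # unanchored regex built from the key would also drop unrelated cookies
  # whose name or value merely contains the key, and would treat regex
  # metacharacters in the key as pattern syntax.
  #
  # The input is never mutated, so the downstream app's own header object is
  # left untouched.
  #
  # @param header [String, Array<String>, nil] the Set-Cookie header value
  # @return [String, Array<String>] the remaining cookies
  def without_session_cookie(header)
    prefix = "#{session_key}="

    case header
    when String
      # Join with a real newline; a single-quoted '\n' is a literal backslash
      # followed by "n" and would fuse the remaining cookies into one value.
      header.split("\n").reject { |cookie| cookie.start_with?(prefix) }.join("\n")
    when Array
      header.reject { |cookie| cookie.start_with?(prefix) }
    else
      ''
    end
  end
end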

Version data entries

16 entries across 16 versions & 1 rubygems

Version Path
lcms-engine-0.5.5 app/middleware/remove_session.rb
lcms-engine-0.5.4 app/middleware/remove_session.rb
lcms-engine-0.5.3 app/middleware/remove_session.rb
lcms-engine-0.5.2 app/middleware/remove_session.rb
lcms-engine-0.5.1 app/middleware/remove_session.rb
lcms-engine-0.5.0 app/middleware/remove_session.rb
lcms-engine-0.4.2 app/middleware/remove_session.rb
lcms-engine-0.4.1 app/middleware/remove_session.rb
lcms-engine-0.4.0 app/middleware/remove_session.rb
lcms-engine-0.3.1 app/middleware/remove_session.rb
lcms-engine-0.1.4 app/middleware/remove_session.rb
lcms-engine-0.3.0 app/middleware/remove_session.rb
lcms-engine-0.1.3 app/middleware/remove_session.rb
lcms-engine-0.2.0 app/middleware/remove_session.rb
lcms-engine-0.1.2 app/middleware/remove_session.rb
lcms-engine-0.1.0 app/middleware/remove_session.rb