module Authlogic module Session # Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session. module Session def self.included(klass) klass.class_eval do extend Config include InstanceMethods persist :persist_by_session after_save :update_session after_destroy :update_session after_persisting :update_session, :unless => :single_access? end end # Configuration for the session feature. module Config # Works exactly like cookie_key, but for sessions. See cookie_key for more info. # # * Default: cookie_key # * Accepts: Symbol or String def session_key(value = nil) config(:session_key, value, cookie_key) end alias_method :session_key=, :session_key end # Instance methods for the session feature. module InstanceMethods private # Tries to validate the session from information in the session def persist_by_session persistence_token, record_id = session_credentials if !persistence_token.nil? # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id. # This is done for performance reasons and to save on queries. record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id) self.unauthorized_record = record if record && record.persistence_token == persistence_token valid? else false end end def session_credentials [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].compact end def session_key build_key(self.class.session_key) end def update_session controller.session[session_key] = record && record.persistence_token controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key) end end end end end