lib/authlogic/session/session.rb in authlogic-1.4.3 vs lib/authlogic/session/session.rb in authlogic-2.0.0
- old
+ new
@@ -1,45 +1,60 @@
module Authlogic
module Session
- # = Session
- #
# Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
module Session
def self.included(klass)
- klass.after_save :update_session, :if => :persisting?
- klass.after_destroy :update_session, :if => :persisting?
- klass.after_find :update_session, :if => :persisting? # to continue persisting the session after an http_auth request
+ klass.class_eval do
+ extend Config
+ include InstanceMethods
+ persist :persist_by_session
+ after_save :update_session
+ after_destroy :update_session
+ after_persisting :update_session, :unless => :single_access?
+ end
end
- # Tries to validate the session from information in the session
- def valid_session?
- persistence_token, record_id = session_credentials
- if !persistence_token.blank?
- if record_id
- record = search_for_record("find_by_#{klass.primary_key}", record_id)
- self.unauthorized_record = record if record && record.send(persistence_token_field) == persistence_token
- else
- # For backwards compatibility, will eventually be removed, just need to let the sessions update theirself
- record = search_for_record("find_by_#{persistence_token_field}", persistence_token)
- if record
- controller.session["#{session_key}_id"] = record.send(record.class.primary_key)
- self.unauthorized_record = record
- end
- end
- valid?
- else
- false
+ # Configuration for the session feature.
+ module Config
+ # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
+ #
+ # * <tt>Default:</tt> cookie_key
+ # * <tt>Accepts:</tt> Symbol or String
+ def session_key(value = nil)
+ config(:session_key, value, cookie_key)
end
+ alias_method :session_key=, :session_key
end
- private
- def session_credentials
- [controller.session[session_key], controller.session["#{session_key}_id"]].compact
- end
+ # Instance methods for the session feature.
+ module InstanceMethods
+ private
+ # Tries to validate the session from information in the session
+ def persist_by_session
+ persistence_token, record_id = session_credentials
+ if !persistence_token.nil?
+ # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
+ # This is done for performance reasons and to save on queries.
+ record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+ self.unauthorized_record = record if record && record.persistence_token == persistence_token
+ valid?
+ else
+ false
+ end
+ end
+
+ def session_credentials
+ [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].compact
+ end
+
+ def session_key
+ build_key(self.class.session_key)
+ end
- def update_session
- controller.session[session_key] = record && record.send(persistence_token_field)
- controller.session["#{session_key}_id"] = record && record.send(record.class.primary_key)
- end
+ def update_session
+ controller.session[session_key] = record && record.persistence_token
+ controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
+ end
+ end
end
end
end
\ No newline at end of file