lib/rack/session/abstract/id.rb in kastner-rack-0.3.171 vs lib/rack/session/abstract/id.rb in kastner-rack-0.3.186

- old
+ new

@@ -24,11 +24,14 @@
 attr_reader :key
 DEFAULT_OPTIONS = {
 :key => 'rack.session',
 :path => '/',
 :domain => nil,
- :expire_after => nil
+ :expire_after => nil,
+ :secure => false,
+ :httponly => true,
+ :sidbits => 128
 }
 def initialize(app, options={})
 @default_options = self.class::DEFAULT_OPTIONS.merge(options)
 @key = @default_options[:key]
@@ -48,10 +51,18 @@
 end
 end
 private
+ # Generate a new session id using Ruby #rand. The size of the
+ # session id is controlled by the :sidbits option.
+ # Monkey patch this to use custom methods for session id generation.
+ def generate_sid
+ "%0#{@default_options[:sidbits] / 4}x" %
+ rand(2**@default_options[:sidbits] - 1)
+ end
+
 # Extracts the session id from provided cookies and passes it and the
 # environment to #get_session. It then sets the resulting session into
 # 'rack.session', and places options and session metadata into
 # 'rack.session.options'.
 def load_session(env)
@@ -108,9 +119,11 @@
 cookie<< "; path=#{options[:path]}" if options[:path]
 if options[:expire_after]
 expiry = time + options[:expire_after]
 cookie<< "; expires=#{expiry.httpdate}"
 end
+ cookie<< "; Secure" if options[:secure]
+ cookie<< "; HttpOnly" if options[:httponly]
 case a = (h = response[1])['Set-Cookie']
 when Array then a << cookie
 when String then h['Set-Cookie'] = [a, cookie]
 when nil then h['Set-Cookie'] = cookie
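Review bot: The new generate_sid in the second hunk builds the session id from Kernel#rand, which is a general-purpose PRNG and not suitable for tokens that must be unguessable, so the `:sidbits` size gives no real guarantee about how hard an id is to predict. The standard library's SecureRandom should be the default generator, e.g. `SecureRandom.hex(@default_options[:sidbits] / 8)` with `require 'securerandom'` at the top of the file; that produces the same `sidbits / 4` hex-digit width the current format string yields when sidbits is a multiple of 8. The comment above the method should then say that overriding generate_sid is for custom id schemes rather than a way to obtain a safe one. As a minor point, `rand(2**sidbits - 1)` never yields the top value, which is harmless but not what the comment implies. The enclosing class begins outside the hunk.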
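Review bot: In the third hunk the Secure attribute is emitted only when `options[:secure]` is truthy, and the default added in the first hunk is `:secure => false`, so an application served over HTTPS that does not explicitly pass `:secure => true` still has its session cookie sent over plain HTTP. At minimum this deserves a comment next to `DEFAULT_OPTIONS` such as `# :secure is off by default; set it to true when the app is served over HTTPS`, and if the request env is reachable where the cookie is assembled the default could be derived from `env['rack.url_scheme'] == 'https'` — the enclosing method's signature is outside the hunk, so I cannot confirm that here. Defaulting `:httponly` to true is the right choice and needs no change.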