lib/rack/session/abstract/id.rb in rack-session-2.0.0 vs lib/rack/session/abstract/id.rb in rack-session-2.1.0
- old
+ new
@@ -213,11 +213,11 @@
# #delete_session are required to be overwritten.
#
# All parameters are optional.
# * :key determines the name of the cookie, by default it is
# 'rack.session'
- # * :path, :domain, :expire_after, :secure, :httponly, and :same_site set
+ # * :path, :domain, :expire_after, :secure, :httponly, :partitioned and :same_site set
# the related cookie options as by Rack::Response#set_cookie
# * :skip will not a set a cookie in the response nor update the session state
# * :defer will not set a cookie in the response but still update the session
# state if it is used with a backend
# * :renew (implementation dependent) will prompt the generation of a new
@@ -242,10 +242,11 @@
path: '/',
domain: nil,
expire_after: nil,
secure: false,
httponly: true,
+ partitioned: false,
defer: false,
renew: false,
sidbits: 128,
cookie_only: true,
secure_random: ::SecureRandom
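Review bot: `partitioned: false` is added next to `secure: false`, and nothing visible in this hunk ties the two together, although browsers only accept a Partitioned cookie that also carries Secure. A caller who sets `partitioned: true` and leaves `:secure` at its default would presumably get a session cookie the browser discards. I would add a comment on the new key, `# browsers reject Partitioned cookies without Secure; set secure: true as well`, or validate the pair where the options are merged. The hash literal starts and ends outside the hunk, so a check may already exist elsewhere.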
@@ -255,10 +256,11 @@
def initialize(app, options = {})
@app = app
@default_options = self.class::DEFAULT_OPTIONS.merge(options)
@key = @default_options.delete(:key)
+ @assume_ssl = @default_options.delete(:assume_ssl)
@cookie_only = @default_options.delete(:cookie_only)
@same_site = @default_options.delete(:same_site)
initialize_sid
end
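Review bot: `:assume_ssl` is read in `initialize` but is not described anywhere this diff shows. The option list comment in the first hunk gained only `:partitioned`, and the visible part of DEFAULT_OPTIONS has no `assume_ssl` entry, so the ivar is nil unless a caller passes the key. Because the option relaxes the `:secure` check in `security_matches?`, it should be listed with the others, for example `# * :assume_ssl treats every request as HTTPS for the :secure check; set it only behind a TLS-terminating proxy`. An explicit `assume_ssl: false,` default would also make the off state visible, unless one already exists outside the hunk.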
@@ -366,10 +368,10 @@
options.values_at(:max_age, :renew, :drop, :defer, :expire_after).any?
end
def security_matches?(request, options)
return true unless options[:secure]
- request.ssl?
+ request.ssl? || @assume_ssl == true
end
# Acquires the session from the environment and the session id from
# the session options and passes them to #write_session. If successful
# and the :defer option is not true, a cookie will be added to the
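Review bot: With `request.ssl? || @assume_ssl == true`, enabling the option makes `security_matches?` return true for every request. A `secure: true` session is then accepted on requests Rack sees as plain HTTP, including any that reach the app without passing through the TLS-terminating proxy. That trade-off is not stated at the method; I would add `# :assume_ssl disables this check entirely; safe only when no cleartext path to the app exists`. The strict `== true` also means values such as `'true'` or `1` leave the check on, which fails closed but can surprise someone configuring from a string, so the comment should say a literal `true` is required.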