lib/rack/session/cookie.rb in rack-1.5.5 vs lib/rack/session/cookie.rb in rack-1.6.0.beta
- old
+ new
@@ -1,6 +1,7 @@
require 'openssl'
+require 'zlib'
require 'rack/request'
require 'rack/response'
require 'rack/session/abstract/id'
module Rack
@@ -76,24 +77,31 @@
def decode(str)
return unless str
::Rack::Utils::OkJson.decode(super(str)) rescue nil
end
end
+
+ class ZipJSON < Base64
+ def encode(obj)
+ super(Zlib::Deflate.deflate(::Rack::Utils::OkJson.encode(obj)))
+ end
+
+ def decode(str)
+ return unless str
+ ::Rack::Utils::OkJson.decode(Zlib::Inflate.inflate(super(str)))
+ rescue
+ nil
+ end
+ end
end
# Use no encoding for session cookies
class Identity
def encode(str); str; end
def decode(str); str; end
end
- # Reverse string encoding. (trollface)
- class Reverse
- def encode(str); str.reverse; end
- def decode(str); str.reverse; end
- end
-
attr_reader :coder
def initialize(app, options={})
@secrets = options.values_at(:secret, :old_secret).compact
warn <<-MSG unless @secrets.size >= 1
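Review bot: `ZipJSON#decode` passes the cookie to `Zlib::Inflate.inflate` with no limit on either the encoded input or the inflated result, so a small cookie can expand into a much larger string before `OkJson.decode` runs. With a secret configured, the digest check in `unpacked_cookie_data` runs first. However, `initialize` only warns when no secret is given, and in that configuration `coder.decode` receives the raw client cookie. I would reject oversized input before inflating, e.g. `return if str.bytesize > MAX_ENCODED_SESSION_BYTES` (the constant name is a placeholder), and add a class comment saying ZipJSON is meant to be used together with `:secret`. The enclosing `Base64` class and the body of `initialize` continue outside this hunk.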
@@ -125,10 +133,12 @@
env["rack.session.unpacked_cookie_data"] ||= begin
request = Rack::Request.new(env)
session_data = request.cookies[@key]
if @secrets.size > 0 && session_data
- session_data, digest = session_data.split("--")
+ digest, session_data = session_data.reverse.split("--", 2)
+ digest.reverse! if digest
+ session_data.reverse! if session_data
session_data = nil unless digest_match?(session_data, digest)
end
coder.decode(session_data) || {}
end
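Review bot: The `reverse` / `split("--", 2)` / `reverse!` sequence on the added lines is hard to follow and deserves a comment such as `# Split on the last "--" so a payload that itself contains "--" stays intact.` When the cookie contains no `--` at all, `split` returns a single element, so `digest` holds the whole cookie and `session_data` is nil. Rejection then depends on `digest_match?`, which is not in this hunk, returning false for a nil payload. `session_data, _, digest = session_data.rpartition("--")` would express the same split directly, but it yields an empty string instead of nil in the no-separator case, so that edge would need checking. The enclosing method starts outside the hunk.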