lib/roda/plugins/sessions.rb in roda-3.27.0 vs lib/roda/plugins/sessions.rb in roda-3.28.0
@@ -170,11 +170,10 @@
[cipher_secret.freeze, hmac_secret.freeze]
end
# Configure the plugin, see Sessions for details on options.
def self.configure(app, opts=OPTS)
- plugin_opts = opts
opts = (app.opts[:sessions] || DEFAULT_OPTIONS).merge(opts)
co = opts[:cookie_options] = DEFAULT_COOKIE_OPTIONS.merge(opts[:cookie_options] || OPTS).freeze
opts[:remove_cookie_options] = co.merge(:max_age=>'0', :expires=>Time.at(0))
opts[:parser] ||= app.opts[:json_parser] || JSON.method(:parse)
opts[:serializer] ||= app.opts[:json_serializer] || :to_json.to_proc
@@ -237,10 +236,22 @@
# but that does not happen until this method is called.
def session
@env['rack.session'] ||= _load_session
end
+ # The time the session was originally created. nil if there is no active session.
+ def session_created_at
+ session
+ Time.at(@env[SESSION_CREATED_AT]) if @env[SESSION_SERIALIZED]
+ end
+
+ # The time the session was last updated. nil if there is no active session.
+ def session_updated_at
+ session
+ Time.at(@env[SESSION_UPDATED_AT]) if @env[SESSION_SERIALIZED]
+ end
+
# Persist the session data as a cookie. If transparently upgrading from
# Rack::Session::Cookie, mark the related cookie for expiration so it isn't
# sent in the future.
def persist_session(headers, session)
opts = roda_class.opts[:sessions]
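Review bot: Both new accessors test `@env[SESSION_SERIALIZED]` but pass a different env key to `Time.at`, so any request where the serialized marker is set and the timestamp is not would raise a TypeError from `Time.at(nil)` instead of returning nil. The code that populates these keys is outside the hunk, so this needs checking against every loader. The Rack::Session::Cookie upgrade path in `_deserialize_rack_session` is the first one to confirm, since it presumably has no stored timestamps to copy. Checking the value itself removes the dependency: `updated_at = @env[SESSION_UPDATED_AT]` followed by `Time.at(updated_at) if updated_at && @env[SESSION_SERIALIZED]`, and the same for `session_created_at`. The bare `session` call is there only for its loading side effect, which deserves a comment such as `# Load the session so the timestamp env keys are populated`.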
@@ -294,12 +305,10 @@
# Interpret given cookie data as a Rack::Session::Cookie
# serialized session using the default Rack::Session::Cookie
# hmac and coder.
def _deserialize_rack_session(data)
opts = roda_class.opts[:sessions]
- key = opts[:upgrade_from_rack_session_cookie_key]
- secret = opts[:upgrade_from_rack_session_cookie_secret]
data, digest = data.split("--", 2)
unless digest
return _session_serialization_error("Not decoding Rack::Session::Cookie session: invalid format")
end
unless Rack::Utils.secure_compare(digest, OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, opts[:upgrade_from_rack_session_cookie_secret], data))
@@ -312,9 +321,14 @@
return _session_serialization_error("Error decoding Rack::Session::Cookie session: not base64 encoded marshal dump")
end
# Mark rack session cookie for deletion on success
env[SESSION_DELETE_RACK_COOKIE] = true
+
+ # Delete the session id before serializing it. Starting in rack 2.0.8,
+ # this is an object and not just a string, and calling to_s on it raises
+ # a RuntimeError.
+ session.delete("session_id")
# Convert the rack session by roundtripping it through
# the parser and serializer, so that you would get the
# same result as you would if the session was handled
# by this plugin.
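Review bot: The added `session.delete("session_id")` changes what an upgraded session contains, but the new comment only explains why the serializer would fail. After this line, application code that reads `session['session_id']` from a migrated Rack::Session::Cookie session gets nil. The comment should say so, for example `# The upgraded session will not contain a "session_id" key.` The delete also matches only the String key, which is worth a word if legacy sessions could carry a Symbol key. The object being mutated is presumably the local assigned from the Marshal decode above the hunk, which is reached only after the HMAC comparison. `_deserialize_rack_session` starts and ends outside this hunk.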