Class: Rack::Session::JsonFile

Inherits:

Abstract::PersistedSecure

• Object
• Abstract::PersistedSecure
• Rack::Session::JsonFile

Defined in:

contrib/lib/rack/session/json_file.rb

Overview

A JSON File based session storage.

Class Method Summary

• .clean(to = Date.today.prev_month, dir = "#{Dir.tmpdir}/rack.session") ⇒ Object

  Cleans session files that have not been used.

Instance Method Summary

• #delete_session(_req, sid, options) ⇒ self|nil

  New session id or nil if options[:drop].

• #find_session(_req, sid) ⇒ Array

  [self, Hash].

• #generate_sid ⇒ Object
• #initialize(app, options = {}) ⇒ JsonFile constructor

  A new instance of JsonFile.

• #write_session(_req, sid, session, _options) ⇒ self|false

  Session_id or false.

Constructor Details

#initialize(app, options = {}) ⇒ JsonFile

Returns a new instance of JsonFile.

Parameters:

• options (Hash) (defaults to: {}) —

  Accepts a :session_dir path which defaults to /tmp/rack.session.

# File 'contrib/lib/rack/session/json_file.rb', line 37

def initialize(app, options = {})
  super(
    app,
    {
      secure: ENV['RACK_ENV'] != 'development', # HTTPS unless in dev env
      same_site: 'Strict' # don't allow cross-site sessions
    }.merge!(options)
  )
  @session_dir = "#{Dir.tmpdir}/#{@key}" || @default_options[:session_dir]
end

Class Method Details

.clean(to = Date.today.prev_month, dir = "#{Dir.tmpdir}/rack.session") ⇒ Object

Cleans session files that have not been used.

Parameters:

• to (Time|Date) (defaults to: Date.today.prev_month) —

  Time from which file has not been accessed. Defaults to 00:00 hrs 1 month ago.

• dir (String) (defaults to: "#{Dir.tmpdir}/rack.session") —

  Directory from which to clean files. Defaults to /tmp/rack.session.

# File 'contrib/lib/rack/session/json_file.rb', line 25

def self.clean(
  to = Date.today.prev_month,
  dir = "#{Dir.tmpdir}/rack.session"
)
  to = to.to_time if to.instance_of?(Date)
  Dir["#{dir}/*"].each do |file|
    FileUtils.rm(file, force: true) if ::File.atime(file) < to
  end
end

Instance Method Details

#delete_session(_req, sid, options) ⇒ self|nil

Returns new session id or nil if options[:drop].

Returns:

• (self|nil) —

  new session id or nil if options[:drop].

# File 'contrib/lib/rack/session/json_file.rb', line 72

def delete_session(_req, sid, options)
  FileUtils.rm("#{@session_dir}/#{sid}", force: true)
  options&.include?(:drop) ? nil : generate_sid
end

#find_session(_req, sid) ⇒ Array

Returns [self, Hash].

Returns:

• (Array) —

  [self, Hash].

# File 'contrib/lib/rack/session/json_file.rb', line 49

def find_session(_req, sid)
  sid = generate_sid if sid.nil?

  [sid, JSON.parse(::File.read("#{@session_dir}/#{sid}"))]
rescue Errno::ENOENT
  [generate_sid, {}]
rescue JSON::ParserError
  [sid, {}]
end

#generate_sid ⇒ Object

# File 'contrib/lib/rack/session/json_file.rb', line 77

def generate_sid(*)
  sid = super
  FileUtils.mkdir_p(@session_dir, mode: 0o700)
  ::File.new("#{@session_dir}/#{sid}", 'w', 0o600).close
  sid
end

#write_session(_req, sid, session, _options) ⇒ self|false

Returns session_id or false.

Parameters:

• sid (String) —

  Only known ids are allowed, to avoid session fixation attacks.

Returns:

• (self|false) —

  session_id or false.

# File 'contrib/lib/rack/session/json_file.rb', line 62

def write_session(_req, sid, session, _options)
  return false unless ::File.exist?("#{@session_dir}/#{sid}")

  ::File.open("#{@session_dir}/#{sid}", 'w', 0o600) do |f|
    f << JSON.generate(session)
  end
  sid
end