<?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Class: ActionController::Session::CookieStore</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" /> <script type="text/javascript"> // <![CDATA[ function popupCode( url ) { window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400") } function toggleCode( id ) { if ( document.getElementById ) elem = document.getElementById( id ); else if ( document.all ) elem = eval( "document.all." + id ); else return false; elemStyle = elem.style; if ( elemStyle.display != "block" ) { elemStyle.display = "block" } else { elemStyle.display = "none" } return true; } // Make codeblocks hidden by default document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" ) // ]]> </script> </head> <body> <div id="classHeader"> <table class="header-table"> <tr class="top-aligned-row"> <td><strong>Class</strong></td> <td class="class-name-in-header">ActionController::Session::CookieStore</td> </tr> <tr class="top-aligned-row"> <td><strong>In:</strong></td> <td> <a href="../../../files/lib/action_controller/session/cookie_store_rb.html"> lib/action_controller/session/cookie_store.rb </a> <br /> </td> </tr> <tr class="top-aligned-row"> <td><strong>Parent:</strong></td> <td> <a href="../../Object.html"> Object </a> </td> </tr> </table> </div> <!-- banner header --> <div id="bodyContent"> <div id="contextContent"> <div id="description"> <p> This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. 
Cookie-based sessions are dramatically faster than the alternatives. </p>
<p> If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. </p>
<p> <a href="CookieStore/CookieOverflow.html">CookieOverflow</a> is raised if you attempt to store more than 4K of data. </p>
<p> A message digest is included with the cookie to ensure data integrity: a user cannot alter his <tt>user_id</tt> without knowing the secret key included in the hash. New apps are generated with a pregenerated secret in config/environment.rb. Set your own for old apps you're upgrading. </p>
<p> <a href="../Session.html">Session</a> options: </p>
<ul>
<li><tt>:secret</tt>: An application-wide key string or block returning a string called per generated digest. The block is called with the CGI::Session instance as an argument. It's important that the secret is not vulnerable to a dictionary attack. Therefore, you should choose a secret consisting of random numbers and letters and more than 30 characters. Examples:
<pre>
  :secret => '449fe2e7daee471bffae2fd8dc02313d'
  :secret => Proc.new { User.current_user.secret_key }
</pre>
</li>
<li><tt>:digest</tt>: The message digest algorithm used to verify session integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, such as 'MD5', 'RIPEMD160', 'SHA256', etc. </li>
</ul>
<p> To generate a secret key for an existing application, run "rake secret" and set the key in config/environment.rb. </p>
<p> Note that changing digest or secret invalidates all existing sessions!
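</p>
<p>
The integrity check described above, as an added example that is not the Rails source: a standalone sketch that signs a session with an HMAC and rejects a cookie whose payload, secret or digest algorithm has changed. The names <tt>SignedCookie</tt>, <tt>rewrite_user_id</tt> and <tt>DEMO_SECRET</tt>, the "payload--hexdigest" layout and the use of JSON for serialization are assumptions of this sketch.
</p>

```ruby
require "openssl"
require "json"

# Sketch of a digest-protected session cookie: "payload--hexdigest" (assumed layout).
class SignedCookie
  MAX = 4096              # cookie size limit listed on this page
  SECRET_MIN_LENGTH = 30  # minimum secret length listed on this page
  CookieOverflow = Class.new(StandardError)

  def initialize(secret, digest = "SHA1")
    raise ArgumentError, "secret too short" unless secret.to_s.length >= SECRET_MIN_LENGTH
    @secret = secret
    @digest = digest
  end

  # Serialize the session and append an HMAC over the serialized bytes.
  def dump(session)
    data = [JSON.generate(session)].pack("m0") # strict Base64, no newlines
    cookie = "#{data}--#{mac(data)}"
    raise CookieOverflow, "session exceeds #{MAX} bytes" if cookie.bytesize > MAX
    cookie
  end

  # Return the session hash, or nil when the digest does not verify.
  def load(cookie)
    data, digest = cookie.to_s.split("--", 2)
    return nil if data.nil? || digest.nil?
    return nil unless secure_compare(digest, mac(data))
    JSON.parse(data.unpack1("m0"))
  end

  private
  def mac(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new(@digest), @secret, data)
  end

  # Compare without returning early at the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

DEMO_SECRET = "constructed-demo-secret-0123456789abcdef" # constructed sample value

# Edit the readable payload but keep the old digest, as a user without the secret could.
def rewrite_user_id(cookie, new_id)
  data, digest = cookie.split("--", 2)
  session = JSON.parse(data.unpack1("m0")).merge("user_id" => new_id)
  [JSON.generate(session)].pack("m0") + "--" + digest
end
```

<p>
The payload is only Base64-encoded, so the user can read it: the digest protects integrity, not confidentiality, which is why data that must stay hidden belongs in another session store.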
</p> </div> </div> <div id="method-list"> <h3 class="section-bar">Methods</h3> <div class="name-list"> <a href="#M000138">call</a> <a href="#M000137">new</a> </div> </div> </div> <!-- if includes --> <div id="section"> <div id="class-list"> <h3 class="section-bar">Classes and Modules</h3> Class <a href="CookieStore/CookieOverflow.html" class="link">ActionController::Session::CookieStore::CookieOverflow</a><br /> </div> <div id="constants-list"> <h3 class="section-bar">Constants</h3> <div class="name-list"> <table summary="Constants"> <tr class="top-aligned-row context-row"> <td class="context-item-name">MAX</td> <td>=</td> <td class="context-item-value">4096</td> <td width="3em"> </td> <td class="context-item-desc"> <a href="../Cookies.html">Cookies</a> can typically store 4096 bytes. </td> </tr> <tr class="top-aligned-row context-row"> <td class="context-item-name">SECRET_MIN_LENGTH</td> <td>=</td> <td class="context-item-value">30</td> </tr> <tr class="top-aligned-row context-row"> <td class="context-item-name">DEFAULT_OPTIONS</td> <td>=</td> <td class="context-item-value">{ :key => '_session_id', :domain => nil, :path => "/", :expire_after => nil, :httponly => true</td> </tr> <tr class="top-aligned-row context-row"> <td class="context-item-name">ENV_SESSION_KEY</td> <td>=</td> <td class="context-item-value">"rack.session".freeze</td> </tr> <tr class="top-aligned-row context-row"> <td class="context-item-name">ENV_SESSION_OPTIONS_KEY</td> <td>=</td> <td class="context-item-value">"rack.session.options".freeze</td> </tr> <tr class="top-aligned-row context-row"> <td class="context-item-name">HTTP_SET_COOKIE</td> <td>=</td> <td class="context-item-value">"Set-Cookie".freeze</td> </tr> </table> </div> </div> <!-- if method_list --> <div id="methods"> <h3 class="section-bar">Public Class methods</h3> <div id="method-M000137" class="method-detail"> <a name="M000137"></a> <div class="method-heading"> <a href="CookieStore.src/M000137.html" target="Code" 
class="method-signature" onclick="popupCode('CookieStore.src/M000137.html');return false;"> <span class="method-name">new</span><span class="method-args">(app, options = {})</span> </a> </div> <div class="method-description"> </div> </div> <h3 class="section-bar">Public Instance methods</h3> <div id="method-M000138" class="method-detail"> <a name="M000138"></a> <div class="method-heading"> <a href="CookieStore.src/M000138.html" target="Code" class="method-signature" onclick="popupCode('CookieStore.src/M000138.html');return false;"> <span class="method-name">call</span><span class="method-args">(env)</span> </a> </div> <div class="method-description"> </div> </div> </div> </div> </body> </html>