module<\/span> ActionController<\/span><\/div> class<\/span> CgiRequest<\/span> <<\/span> AbstractRequest<\/span><\/div> def<\/span> session<\/span><\/div> unless<\/span> defined?<\/span>(<\/span>@session<\/span>)<\/span><\/div> if<\/span> @session_options<\/span> ==<\/span> false<\/span><\/div> @session<\/span> =<\/span> Hash<\/span>.<\/span>new<\/span><\/div> else<\/span><\/div> stale_session_check!<\/span> do<\/span><\/div> session_key<\/span> =<\/span> session_options_with_string_keys<\/span>[<\/span>'session_key'<\/span>]<\/span><\/div> if<\/span> cookie_only?<\/span> &&<\/span> query_parameters<\/span>[<\/span>session_key<\/span>]<\/span><\/div> raise<\/span> SessionFixationAttempt<\/span><\/div> end<\/span><\/div> if<\/span> !<\/span>cookie_only?<\/span> &&<\/span> @cgi<\/span>.<\/span>cookies<\/span>[<\/span>session_key<\/span>].<\/span>empty?<\/span><\/div> session_data<\/span> =<\/span> nil<\/span><\/div> if<\/span> query_parameters<\/span>[<\/span>session_key<\/span>]<\/span><\/div> session_data<\/span> =<\/span> [<\/span>query_parameters<\/span>[<\/span>session_key<\/span>]]<\/span><\/div> else<\/span><\/div> post_data<\/span> =<\/span> CGI<\/span>.<\/span>parse<\/span>(<\/span>body<\/span>.<\/span>read<\/span>)<\/span><\/div> session_data<\/span> =<\/span> post_data<\/span>[<\/span>session_key<\/span>]<\/span><\/div> end<\/span><\/div> @cgi<\/span>.<\/span>params<\/span>[<\/span>session_key<\/span>]<\/span> =<\/span> session_data<\/span> if<\/span> session_data<\/span><\/div> end<\/span><\/div> case<\/span> value<\/span> =<\/span> session_options_with_string_keys<\/span>[<\/span>'new_session'<\/span>]<\/span><\/div> when<\/span> true<\/span><\/div> @session<\/span> =<\/span> new_session<\/span><\/div> when<\/span> false<\/span><\/div> begin<\/span><\/div> @session<\/span> =<\/span> CGI<\/span>::<\/span>Session<\/span>.<\/span>new<\/span>(<\/span>@cgi<\/span>,<\/span> session_options_with_string_keys<\/span>)<\/span><\/div> # CGI::Session raises ArgumentError if 'new_session' == false<\/span><\/div> # and no session cookie or query param is present.<\/span><\/div> rescue<\/span> ArgumentError<\/span><\/div> @session<\/span> =<\/span> Hash<\/span>.<\/span>new<\/span><\/div> end<\/span><\/div> when<\/span> nil<\/span><\/div> @session<\/span> =<\/span> CGI<\/span>::<\/span>Session<\/span>.<\/span>new<\/span>(<\/span>@cgi<\/span>,<\/span> session_options_with_string_keys<\/span>)<\/span><\/div> else<\/span><\/div> raise<\/span> ArgumentError<\/span>,<\/span> "Invalid new_session option: <\/span>#{<\/span>value<\/span>}<\/span>"<\/span><\/div> end<\/span><\/div> @session<\/span>[<\/span>'__valid_session'<\/span>]<\/span><\/div> end<\/span><\/div> end<\/span><\/div> end<\/span><\/div> @session<\/span><\/div> end<\/span><\/div> end<\/span><\/div>end<\/span><\/div> <\/div><\/pre><\/div>\n \n <\/div>\n\n