<!DOCTYPE html>
<html>
<head>
<!-- (...) -->
<%# The CSRF meta tag carries a per-session token (see
    ApplicationController#form_authenticity_token), so it is omitted from
    responses marked Cache-Control: public; a shared cache must not serve one
    visitor's token to everyone else. %>
<%= csrf_meta_tag unless response.cache_control[:public] %>
<!-- (...) -->
</head>
<body>
<!-- (...) -->
<%# Flash messages are per-user as well, so they are only rendered when the
    response is not publicly cacheable. %>
<% unless response.cache_control[:public] %>
<% flash.each do |name, msg| %>
<%= content_tag :div, msg, id: "flash_#{name}" %>
<% end %>
<% end %>
<!-- (...) -->
</body>
</html>
# Mount StripEmptySessions outside ActionDispatch::Cookies (and therefore
# outside the session store), so that on the way out it sees the Set-Cookie
# headers those inner layers produced. The cookie attributes given here are
# reused for the logout cookie and must match the real session cookie's
# name/path (and domain/flags, if any), otherwise the browser will not replace it.
require 'strip_empty_sessions'

config.middleware.insert_before(
  ActionDispatch::Cookies,
  StripEmptySessions,
  :key => "your_session_key", :path => "/", :httponly => true
)
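class ApplicationController < ActionController::Base
  include Lacquer::CacheUtils

  # CSRF protection is only wanted for signed-in users: anonymous responses carry
  # no token (see form_authenticity_token) so they can be served from a shared
  # cache. The conditions must be symbols so they are evaluated on the controller
  # instance for every request; a bare `signed_in?` at this point runs once, at
  # class-load time, against the class itself.
  protect_from_forgery if: :signed_in?
  skip_before_filter :verify_authenticity_token, unless: :signed_in?

  # Personalised (signed-in) and XHR responses must never be stored by the proxy.
  before_filter :disable_proxy_caching_for_private_responses

  protected

  # Hands out a CSRF token only to signed-in users, so an anonymous page renders
  # identically for every visitor and stays cacheable.
  #
  # @return [String, nil] the session-bound token, or nil when not signed in
  def form_authenticity_token
    session[:_csrf_token] ||= SecureRandom.base64(32) if signed_in?
  end

  # Zeroes the proxy TTL (Lacquer::CacheUtils#set_cache_ttl) for responses whose
  # content depends on who is asking.
  def disable_proxy_caching_for_private_responses
    set_cache_ttl(0) if signed_in? || request.xhr?
  end
end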
# Rack::Cache is dropped from the stack; with Lacquer in use the HTTP caching is
# presumably done by a proxy (Varnish) in front of the app — confirm for this deployment.
config.middleware.delete('Rack::Cache')
class SessionsController < ApplicationController
  # Flags the request so that StripEmptySessions expires the session cookie in
  # the response. Only the relevant line is shown in the gist; the remainder of
  # the action (signing out, redirecting) is elided.
  def destroy
    rack_env = request.env
    rack_env["cookie.logout"] = true
  end
end
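require 'uri'

# Rack middleware that keeps a caching proxy from storing a response that
# carries a session cookie nobody needs.
#
# It inspects the response after the app has run and does one of two things:
# * when the app flagged a logout via +env["cookie.logout"]+, it appends a
#   Set-Cookie that expires the session cookie named by +options[:key]+;
# * otherwise, when the session holds nothing beyond the bookkeeping keys in
#   BOGUS_KEYS, it removes every Set-Cookie for that session cookie so the
#   anonymous response stays cacheable.
#
# Mount it outside the cookie/session middleware so it sees their Set-Cookie
# headers on the way out.
class StripEmptySessions
  ENV_SESSION_KEY = "rack.session".freeze
  HTTP_SET_COOKIE = "Set-Cookie".freeze
  # env flag an application sets to request that the session cookie be expired.
  ENV_LOGOUT_KEY = "cookie.logout".freeze
  # Session keys whose presence alone does not make a session worth keeping.
  BOGUS_KEYS = [:session_id, :_csrf_token].freeze
  # Expiry offset for the logout cookie (any instant in the past will do).
  ONE_YEAR = 365 * 24 * 60 * 60

  # @param app [#call] downstream Rack application
  # @param options [Hash] +:key+ is the session cookie's name (required); any
  #   other entries (+:path+, +:domain+, +:secure+, +:httponly+) are copied onto
  #   the logout cookie and should match the real session cookie's attributes.
  def initialize(app, options = {})
    @app = app
    @options = options
  end

  # Rack entry point.
  #
  # @param env [Hash]
  # @return [Array] the downstream +[status, headers, body]+ with Set-Cookie adjusted
  def call(env)
    status, headers, body = @app.call(env)

    if env[ENV_LOGOUT_KEY]
      add_set_cookie(headers, expired_session_cookie)
    elsif empty_session?(env[ENV_SESSION_KEY])
      strip_session_cookie(headers)
    end

    [status, headers, body]
  end

  private

  def session_key
    @options[:key].to_s
  end

  # True when there is no session or it carries only BOGUS_KEYS. Keys are
  # compared as strings because session stores differ on whether they hand back
  # symbol or string keys; the original symbol-only comparison never matched a
  # store that stringifies.
  def empty_session?(session)
    return true if session.nil?
    ignorable = BOGUS_KEYS.map(&:to_s)
    (session.keys.map(&:to_s) - ignorable).empty?
  end

  # Set-Cookie that overwrites the session cookie with a dummy value and a
  # past expiry. The configured options are merged last, as before, so an
  # explicit +:expires+/+:value+ in the middleware options still wins.
  def expired_session_cookie
    attrs = { :value => 'x', :expires => Time.now.utc - ONE_YEAR }.merge(@options)
    build_cookie(session_key, attrs)
  end

  # Appends +cookie+ to Set-Cookie whatever shape the header currently has:
  # absent, an Array of cookies, or a newline-joined String.
  def add_set_cookie(headers, cookie)
    case headers[HTTP_SET_COOKIE]
    when nil    then headers[HTTP_SET_COOKIE] = cookie
    when Array  then headers[HTTP_SET_COOKIE] << cookie
    when String then headers[HTTP_SET_COOKIE] << "\n#{cookie}"
    end
  end

  # Removes every Set-Cookie entry for the session cookie. The String form is
  # rebuilt line by line: the previous gsub consumed the newline on both sides
  # of the removed cookie and glued its neighbours into one line, and it
  # interpolated the unescaped cookie name into a regex. The header is deleted
  # outright when nothing remains rather than being emitted empty.
  def strip_session_cookie(headers)
    prefix = "#{session_key}="
    ours = lambda { |cookie| cookie.strip.start_with?(prefix) }

    remaining =
      case headers[HTTP_SET_COOKIE]
      when Array  then headers[HTTP_SET_COOKIE].reject(&ours)
      when String then headers[HTTP_SET_COOKIE].split("\n").reject(&ours).join("\n")
      else return
      end

    if remaining.empty?
      headers.delete(HTTP_SET_COOKIE)
    else
      headers[HTTP_SET_COOKIE] = remaining
    end
  end

  # Serialises +key+/+value+ into one Set-Cookie string. +value+ is either the
  # raw cookie value (a String, or an Array of Strings joined with "&") or a
  # Hash holding +:value+ plus the optional attributes +:domain+, +:path+,
  # +:expires+ (a Time), +:secure+ and +:httponly+; unknown keys are ignored.
  # Adapted from Rack's cookie session middleware.
  def build_cookie(key, value)
    attrs = []
    if value.is_a?(Hash)
      attrs << "; domain=#{value[:domain]}" if value[:domain]
      attrs << "; path=#{value[:path]}" if value[:path]
      # RFC 2109 wants dashes in the date (cgi.rb uses spaces). getutc returns a
      # new Time, so the caller's object is not mutated.
      if value[:expires]
        attrs << "; expires=#{value[:expires].getutc.strftime('%a, %d-%b-%Y %H:%M:%S GMT')}"
      end
      attrs << "; secure" if value[:secure]
      attrs << "; HttpOnly" if value[:httponly]
      value = value[:value]
    end

    values = value.is_a?(Array) ? value : [value]
    encoded = values.map { |v| URI.encode_www_form_component(v.to_s) }.join("&")
    "#{URI.encode_www_form_component(key.to_s)}=#{encoded}#{attrs.join}"
  end
end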