* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions * Fix tests, smooth migrate from previous session-based identifier
This commit is contained in:
parent
7a549f830e
commit
00df69bc89
@ -70,7 +70,7 @@ class ApplicationController < ActionController::Base
|
|||||||
end
|
end
|
||||||
|
|
||||||
def current_session
|
def current_session
|
||||||
@current_session ||= SessionActivation.find_by(session_id: session['auth_id'])
|
@current_session ||= SessionActivation.find_by(session_id: cookies.signed['_session_id'])
|
||||||
end
|
end
|
||||||
|
|
||||||
def cache_collection(raw, klass)
|
def cache_collection(raw, klass)
|
||||||
|
@ -1,17 +1,29 @@
|
|||||||
Warden::Manager.after_set_user except: :fetch do |user, warden|
|
Warden::Manager.after_set_user except: :fetch do |user, warden|
|
||||||
SessionActivation.deactivate warden.raw_session['auth_id']
|
SessionActivation.deactivate warden.cookies.signed['_session_id']
|
||||||
warden.raw_session['auth_id'] = user.activate_session(warden.request)
|
|
||||||
|
warden.cookies.signed['_session_id'] = {
|
||||||
|
value: user.activate_session(warden.request),
|
||||||
|
expires: 1.year.from_now,
|
||||||
|
httponly: true,
|
||||||
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
Warden::Manager.after_fetch do |user, warden|
|
Warden::Manager.after_fetch do |user, warden|
|
||||||
unless user.session_active?(warden.raw_session['auth_id'])
|
if user.session_active?(warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'])
|
||||||
|
warden.cookies.signed['_session_id'] = {
|
||||||
|
value: warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'],
|
||||||
|
expires: 1.year.from_now,
|
||||||
|
httponly: true,
|
||||||
|
}
|
||||||
|
else
|
||||||
warden.logout
|
warden.logout
|
||||||
throw :warden, message: :unauthenticated
|
throw :warden, message: :unauthenticated
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
Warden::Manager.before_logout do |_, warden|
|
Warden::Manager.before_logout do |_, warden|
|
||||||
SessionActivation.deactivate warden.raw_session['auth_id']
|
SessionActivation.deactivate warden.cookies.signed['_session_id']
|
||||||
|
warden.cookies.delete('_session_id')
|
||||||
end
|
end
|
||||||
|
|
||||||
Devise.setup do |config|
|
Devise.setup do |config|
|
||||||
|
@ -20,11 +20,16 @@ Sidekiq::Logging.logger = nil
|
|||||||
Devise::Test::ControllerHelpers.module_eval do
|
Devise::Test::ControllerHelpers.module_eval do
|
||||||
alias_method :original_sign_in, :sign_in
|
alias_method :original_sign_in, :sign_in
|
||||||
|
|
||||||
def sign_in(resource, deprecated = nil, scope: nil)
|
def sign_in(resource, _deprecated = nil, scope: nil)
|
||||||
original_sign_in(resource, scope: scope)
|
original_sign_in(resource, scope: scope)
|
||||||
|
|
||||||
SessionActivation.deactivate warden.raw_session["auth_id"]
|
SessionActivation.deactivate warden.cookies.signed['_session_id']
|
||||||
warden.raw_session["auth_id"] = resource.activate_session(warden.request)
|
|
||||||
|
warden.cookies.signed['_session_id'] = {
|
||||||
|
value: resource.activate_session(warden.request),
|
||||||
|
expires: 1.year.from_now,
|
||||||
|
httponly: true,
|
||||||
|
}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user