Class: Merb::CookieStore
If you have more than 4K of session data or don‘t want your data to be visible to the user, pick another session store.
CookieOverflow is raised if you attempt to store more than 4K of data. TamperedWithCookie is raised if the data integrity check fails.
A message digest is included with the cookie to ensure data integrity: a user cannot alter session data without knowing the secret key included in the hash.
To use Cookie Sessions, set in config/merb.yml
:session_secret_key - your secret digest key :session_store: cookie
Child modules and classes
Class Merb::CookieStore::CookieOverflow
Class Merb::CookieStore::TamperedWithCookie
Constants
| Name | Value |
|---|---|
| MAX | 4096 |
| DIGEST | OpenSSL::Digest::Digest.new('SHA1') |
Attributes
| Name | Read/write? |
|---|---|
| data | R |
Public Class Methods
new (cookie, secret)
# File lib/merb/session/cookie_store.rb, line 59 59: def initialize(cookie, secret) 60: if secret.nil? or secret.blank? 61: raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data.' 62: end 63: @secret = secret 64: @data = unmarshal(cookie) || Hash.new 65: end
Public Instance Methods
[] (k)
# File lib/merb/session/cookie_store.rb, line 82 82: def [](k) 83: @data[k] 84: end
[]= (k, v)
assigns a key value pair
# File lib/merb/session/cookie_store.rb, line 78 78: def []=(k, v) 79: @data[k] = v 80: end
each (&b)
# File lib/merb/session/cookie_store.rb, line 86 86: def each(&b) 87: @data.each(&b) 88: end
read_cookie ()
return a cookie value. raises CookieOverflow if session contains too much information
# File lib/merb/session/cookie_store.rb, line 69 69: def read_cookie 70: unless @data.nil? or @data.empty? 71: updated = marshal(@data) 72: raise CookieOverflow if updated.size > MAX 73: updated 74: end 75: end