Module ActionController::SessionManagement::ClassMethods
In: vendor/rails/actionpack/lib/action_controller/session_management.rb

Methods

Public Instance methods

Specify how sessions ought to be managed for a subset of the actions on the controller. Like filters, you can specify :only and :except clauses to restrict the subset, otherwise options apply to all actions on this controller.

The session options are inheritable, as well, so if you specify them in a parent controller, they apply to controllers that extend the parent.

Usage:

  # turn off session management for all actions.
  session :off

  # turn off session management for all actions _except_ foo and bar.
  session :off, :except => %w(foo bar)

  # turn off session management for only the foo and bar actions.
  session :off, :only => %w(foo bar)

  # the session will only work over HTTPS, but only for the foo action
  session :only => :foo, :session_secure => true

  # the session by default uses HttpOnly sessions for security reasons.
  # this can be switched off.
  session :only => :foo, :session_http_only => false

  # the session will only be disabled for 'foo', and only if it is
  # requested as a web service
  session :off, :only => :foo,
          :if => Proc.new { |req| req.parameters[:ws] }

  # the session will be disabled for non html/ajax requests
  session :off,
    :if => Proc.new { |req| !(req.format.html? || req.format.js?) }

  # turn the session back on, useful when it was turned off in the
  # application controller, and you need it on in another controller
  session :on

All session options described for ActionController::Base.process_cgi are valid arguments.

[Source]

    # File vendor/rails/actionpack/lib/action_controller/session_management.rb, line 82
82:       def session(*args)
83:         options = args.extract_options!
84: 
85:         options[:disabled] = false if args.delete(:on)
86:         options[:disabled] = true if !args.empty?
87:         options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
88:         options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
89:         if options[:only] && options[:except]
90:           raise ArgumentError, "only one of either :only or :except are allowed"
91:         end
92: 
93:         write_inheritable_array(:session_options, [options])
94:       end
session=(*args)

Alias for session

Returns the hash used to configure the session. Example use:

  ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS

[Source]

    # File vendor/rails/actionpack/lib/action_controller/session_management.rb, line 37
37:       def session_options
38:         ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
39:       end

Returns the session store class currently used.

[Source]

    # File vendor/rails/actionpack/lib/action_controller/session_management.rb, line 30
30:       def session_store
31:         ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager]
32:       end

Set the session store to be used for keeping the session data between requests. By default, sessions are stored in browser cookies (:cookie_store), but you can also specify one of the other included stores (:active_record_store, :p_store, :drb_store, :mem_cache_store, or :memory_store) or your own custom class.

[Source]

    # File vendor/rails/actionpack/lib/action_controller/session_management.rb, line 24
24:       def session_store=(store)
25:         ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] =
26:           store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store
27:       end

[Validate]