class Authenticatable::Serializers::Session

Public Instance Methods

fetch()

Fetch record from Rack session. Example:

serializer.fetch(:user) => #<User>
# File lib/authenticatable/serializers/session.rb, line 9
def fetch
  return nil unless (record_id = request.session[session_key])

  resource_class.find_by(id: record_id)
end
purge!()

Delete record id from Rack session. Usage:

serializer.purge!
# File lib/authenticatable/serializers/session.rb, line 27
def purge!
  request.session.delete(session_key)
end
store(id)

Store record id in Rack session. Usage:

serializer.store(@resource)
# File lib/authenticatable/serializers/session.rb, line 18
def store(id)
  delete_csrf_token
  renew_session_id
  request.session[session_key] = id
end

Private Instance Methods

delete_csrf_token()

Protect against cross-site request forgery (CSRF) by cleaning up the CSRF token on authentication.

# File lib/authenticatable/serializers/session.rb, line 41
def delete_csrf_token
  request.session.delete("_csrf_token")
end
renew_session_id()

Protect against session fixation attacks by clearing the session id on authentication.

# File lib/authenticatable/serializers/session.rb, line 34
def renew_session_id
  return if request.env["rack.session.options"].blank?

  request.env["rack.session.options"][:renew] = true
end
session_key()

Returns the session key for a scoped authenticatable session.

# File lib/authenticatable/serializers/session.rb, line 46
def session_key
  :"authenticatable_#{@scope}_id"
end
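The following is an added, self-contained example (not code from the gem) that runs the store / fetch / purge! cycle documented above against a constructed stand-in for Rack's session object, so the two protections in store can be observed: the session id known before login no longer identifies the session afterwards, and the pre-login CSRF token is gone. FakeSession, FakeRequest, User/USERS and SessionSerializer are all constructed here; SessionSerializer re-creates the page's methods under a different name, with ActiveSupport's blank? replaced by an explicit nil/empty check of the same effect. It also shows the edge case that check implies: when "rack.session.options" is an empty hash, renewal is silently skipped.

```ruby
require "securerandom"
require "forwardable"

# Constructed stand-in for Rack's session object (example only, not part of
# the gem). Values live in a hash; the id is regenerated when the request's
# "rack.session.options" carry :renew, which is what Rack's session
# middleware does when it commits the session at the end of the request.
class FakeSession
  extend Forwardable
  def_delegators :@data, :[], :[]=, :delete, :key?
  attr_reader :id

  def initialize
    @id = SecureRandom.hex(16)
    @data = {}
  end

  # Simulates the middleware committing the session: honour :renew once.
  def commit!(options)
    return unless options && options[:renew]
    @id = SecureRandom.hex(16)
    options[:renew] = false
  end
end

# Minimal request exposing only what the serializer touches.
FakeRequest = Struct.new(:session, :env)

# Constructed resource class with the find_by(id:) interface the serializer
# calls; a real application would use an ActiveRecord model here.
User = Struct.new(:id, :email)
USERS = { 42 => User.new(42, "alice@example.test") }.freeze # constructed record
def User.find_by(id:)
  USERS[id]
end

# Re-creation of the page's serializer logic (hypothetical name) so the flow
# can run without the gem; session_key is public here for inspection.
class SessionSerializer
  attr_reader :request, :resource_class

  def initialize(request, scope, resource_class)
    @request = request
    @scope = scope
    @resource_class = resource_class
  end

  def fetch
    return nil unless (record_id = request.session[session_key])
    resource_class.find_by(id: record_id)
  end

  def store(id)
    delete_csrf_token
    renew_session_id
    request.session[session_key] = id
  end

  def purge!
    request.session.delete(session_key)
  end

  def session_key
    :"authenticatable_#{@scope}_id"
  end

  private

  def delete_csrf_token
    request.session.delete("_csrf_token")
  end

  # Same effect as the page's `blank?` guard: an absent OR empty options
  # hash means no renewal is requested at all.
  def renew_session_id
    options = request.env["rack.session.options"]
    return if options.nil? || options.empty?
    options[:renew] = true
  end
end

# Runs one login/lookup/logout cycle and returns the facts worth checking:
# did the pre-login session id survive, was the pre-login CSRF token dropped,
# does fetch resolve the record, and does purge! leave nothing to fetch.
# session_options mimics what Rack normally puts in rack.session.options.
def demonstrate_login_flow(scope: :user, record_id: 42,
                           session_options: { key: "rack.session", httponly: true })
  session = FakeSession.new
  session["_csrf_token"] = "token-issued-before-login" # constructed value
  id_known_before_login = session.id
  request = FakeRequest.new(session, { "rack.session.options" => session_options })
  serializer = SessionSerializer.new(request, scope, User)

  serializer.store(record_id)
  session.commit!(session_options)
  fetched = serializer.fetch

  result = {
    session_id_changed: session.id != id_known_before_login,
    csrf_token_cleared: !session.key?("_csrf_token"),
    session_key: serializer.session_key,
    fetched_email: fetched && fetched.email
  }
  serializer.purge!
  result[:fetch_after_purge] = serializer.fetch
  result
end
```

Calling demonstrate_login_flow with the default options reports the session id changed and the CSRF token cleared; calling it with session_options: {} reports the id unchanged, which is the case to watch for when the serializer is used outside a stack that populates rack.session.options.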