class Authenticatable::Serializers::Session
Public Instance Methods
fetch()
Fetch record from Rack session. Example:
serializer.fetch # => #<User>
# File lib/authenticatable/serializers/session.rb, line 9
def fetch
  return nil unless (record_id = request.session[session_key])

  resource_class.find_by(id: record_id)
end
purge!()
Delete record id from Rack session. Usage:
serializer.purge!
# File lib/authenticatable/serializers/session.rb, line 27
def purge!
  request.session.delete(session_key)
end
store(id)
Store record id in Rack session. Usage:
serializer.store(@resource.id)
# File lib/authenticatable/serializers/session.rb, line 18
def store(id)
  delete_csrf_token
  renew_session_id
  request.session[session_key] = id
end
Private Instance Methods
delete_csrf_token()
Protect against cross-site request forgery (CSRF) by deleting the CSRF token from the session on authentication.
# File lib/authenticatable/serializers/session.rb, line 41
def delete_csrf_token
  request.session.delete("_csrf_token")
end
renew_session_id()
Protect against session fixation attacks by renewing the session id on authentication.
# File lib/authenticatable/serializers/session.rb, line 34
def renew_session_id
  return if request.env["rack.session.options"].blank?

  request.env["rack.session.options"][:renew] = true
end
session_key()
Returns the session key for a scoped authenticatable session.
# File lib/authenticatable/serializers/session.rb, line 46
def session_key
  :"authenticatable_#{@scope}_id"
end
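Added example (not part of the gem's source): a test-time check for what store does at sign-in, run against a stand-in serializer and two constructed requests. SessionSerializerSketch, FakeRequest and login_session_findings are hypothetical names. The second request shows that when rack.session.options is blank, the session id renewal is skipped without any error.

```ruby
# Added example: stand-in objects, not the gem's own classes.
# FakeRequest mimics the two parts of a Rack request the serializer touches.
FakeRequest = Struct.new(:session, :env)

# Mirrors the documented store logic; ActiveSupport's blank? is replaced by a
# nil/empty check (assumption) so this runs on the standard library alone.
class SessionSerializerSketch
  def initialize(request, scope)
    @request = request
    @scope = scope
  end

  def store(id)
    @request.session.delete("_csrf_token")
    options = @request.env["rack.session.options"]
    options[:renew] = true unless options.nil? || options.empty?
    @request.session[:"authenticatable_#{@scope}_id"] = id
  end
end

# Check to run in a test after sign-in; returns a list of problems found.
def login_session_findings(request, scope)
  findings = []
  options = request.env["rack.session.options"]
  findings << :stale_csrf_token if request.session.key?("_csrf_token")
  findings << :session_id_not_renewed unless options && options[:renew] == true
  findings << :record_id_missing unless request.session.key?(:"authenticatable_#{scope}_id")
  findings
end

# Constructed input 1: session middleware present (options hash is non-empty).
def with_middleware
  req = FakeRequest.new({ "_csrf_token" => "pre-login-token" },
                        { "rack.session.options" => { path: "/" } })
  SessionSerializerSketch.new(req, :user).store(42)
  req
end

# Constructed input 2: no session options in env, so renewal is silently skipped.
def without_middleware
  req = FakeRequest.new({ "_csrf_token" => "pre-login-token" }, {})
  SessionSerializerSketch.new(req, :user).store(42)
  req
end

p login_session_findings(with_middleware, :user)
p login_session_findings(without_middleware, :user)
```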