Setting cookies in service overloader thingo

Sat May 17 03:10:02 EDT 2008

I'm implementing a simpler version of the Cookie Session Store in  
Rails 2.0. If you know what that is, skip the next paragraph.

A cookie session store stores the session data inside cookies, on the  
client, and signs them using a secret string, hashed together. The  
user can decode the cookie easily if they know much about computers  
and see what's inside, but they can't alter it because they can't  
generate the needed hash to sign it, and the server will ignore all  
cookie session data that isn't signed right. It's neat, you don't need  
a database, no file system clutter, and I think it feels really just a  
lot more natural this way.

Trouble is, I'm trying to make it work as a drop in replacement for  
the camping sessions mixin so people can 'upgrade' in either direction  
easily, consider this code however...

>     def service(*a)
>       if @cookies.identity
>         blob, secure_hash = @cookies.identity.to_s.split(':')
>         blob = Base64.decode64(blob)
>         data = Marshal.restore(blob)
>         data = {} unless secure_blob_hasher(blob) == secure_hash
>       else
>         blob = ''
>         data = {}
>       end
>
>       app = self.class.name.gsub(/^(\w+)::.+$/, '\1')
>       @state = (data[app] ||= Camping::H[])
>       hash_before = blob.hash
>       return super(*a)
>     ensure
>       if data
>         data[app] = @state
>         blob = Marshal.dump(data)
>         unless hash_before == blob.hash
>           secure_hash = secure_blob_hasher(blob)
>           @cookies.identity = Base64.encode64(blob).strip + ':' +  
> secure_hash
>         end
>       end
>     end

and there's quite a problem, check out that line, return super(*a),  
and look at the camping source, and soon enough one realises the  
reason this doesn't work at all is that the code inside the super is  
the code converting @cookies in to the Set-Cookie http header, so it's  
too late to set a cookie by the time the ensure block runs and tries  
to save the session.

What should I do? It feels dirty to copy code out of camping.rb that  
serializes the cookies, in effect making it do that twice every time  
the session data and any other cookie data changes (which wouldn't be  
a big deal for my app, but still seems nasty). Anyone got a better idea?

—
Jenna “Where's my oats” Fox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/camping-list/attachments/20080517/ff1d77d5/attachment-0001.html>