Cerise supports sessions for maintaining state between requests. A
session is a collection of key-value pairs that is associated with a
particular user using cookies. Once a session is created, it is
available on every subsequent request via request.session.

Cerise::SessionManager provides an interface for
creating and retrieving sessions. Cerise currently has a single
SessionManager that stores sessions in memory, but others may be
written that store sessions in a database, etc. Unused sessions
may be discarded: Cerise::SessionManager accepts an
initialization parameter :timeout, which is the timeout value
in seconds.

A single server supports multiple SessionManagers, which are
configured in server.cfg. Each
application can be linked to one of the SessionManagers via
app.cfg. Multiple apps that want to
share sessions should use the same session manager.

| method | description |
|---|---|
| initialize(server, params) | initialize a new SessionManager |
| new_session | create and return a new session |
| get_session(session_id) | return the session corresponding to the session_id |
| delete_session(session) | delete the session |
| generate_id | generate a new session id, should be cryptographically secure |

The default Cerise::Session is a simple extension of Hash
with session_id and last_used accessors added.

Cerise passes a cookie named CERISEID to the client when a session
is requested. The value of this cookie is the session id. Each request
that comes in is checked for this CERISEID cookie, and when present,
SessionManager.get_session(session_id) is called to
associate the request with a session.
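
An in-memory manager that follows the method table above and the CERISEID lookup just described, written as an added example and not taken from Cerise's own code. The class names ExampleSessionManager and ExampleSession, the 64-hex-character id format, the 1800-second fallback timeout and the optional now argument are assumptions of this example.

```ruby
require 'securerandom'

# Hypothetical stand-in for Cerise::Session: a Hash with session_id and
# last_used accessors, as the page describes.
class ExampleSession < Hash
  attr_accessor :session_id, :last_used
  def initialize(session_id)
    super()
    @session_id = session_id
    @last_used = Time.now
  end
end

# Hypothetical in-memory manager following the method table above.
class ExampleSessionManager
  def initialize(server, params)
    @timeout = params.fetch(:timeout, 1800) # seconds; 1800 is a constructed default
    @sessions = {}
    @lock = Mutex.new
  end

  def generate_id
    SecureRandom.hex(32) # 256 bits from the OS CSPRNG, 64 hex characters
  end

  def new_session
    session = ExampleSession.new(generate_id)
    @lock.synchronize { @sessions[session.session_id] = session }
    session
  end

  # Returns nil for unknown, malformed or timed-out ids, so a cookie value
  # chosen by the client never creates or revives a session.
  def get_session(session_id, now = Time.now) # `now` is an addition for testing
    return nil unless session_id.is_a?(String) && session_id.match?(/\A\h{64}\z/)
    @lock.synchronize do
      session = @sessions[session_id]
      expired = session && now - session.last_used > @timeout
      @sessions.delete(session_id) if expired
      return nil if session.nil? || expired
      session.last_used = now
      session
    end
  end

  def delete_session(session)
    @lock.synchronize { @sessions.delete(session.session_id) }
  end
end
```

Because get_session only looks ids up and never stores one it was handed, the session id is always a value the server generated, which is what keeps a client from fixing the id in advance.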