CGI/session adds session_id in hidden fields

P

Patrick Gundlach

Dear all,

I use ruby for cgi development and use the CGI::Session module. But
that module adds lines like

<INPUT TYPE=HIDDEN NAME="_session_id" VALUE="7245f27c4d765f92">

to my html files. I need to make the CGI::Session module to stop this.
How can I do so?

Background: I store the files that are generated from my ruby script
on the webserver as cache files. So the next visitor would get the
file with my session id.

Patrick
 
N

nobu.nokada

Hi,

At Fri, 17 Dec 2004 07:07:13 +0900,
Patrick Gundlach wrote in [ruby-talk:123850]:
I use ruby for cgi development and use the CGI::Session module. But
that module adds lines like

<INPUT TYPE=HIDDEN NAME="_session_id" VALUE="7245f27c4d765f92">

to my html files. I need to make the CGI::Session module to stop this.
How can I do so?
Click to expand...

Currently, CGI::Session always emit the HIDDEN field. This
patch is to stop it by adding an option 'by_hidden'=>false.


Index: lib/cgi/session.rb
===================================================================
RCS file: /cvs/ruby/src/ruby/lib/cgi/session.rb,v
retrieving revision 1.35
diff -U2 -p -d -r1.35 session.rb
--- lib/cgi/session.rb 15 Dec 2004 06:35:52 -0000 1.35
+++ lib/cgi/session.rb 17 Dec 2004 00:56:31 -0000
@@ -254,6 +254,5 @@ class CGI
end
unless session_id
- if request.key?(session_key)
- session_id = request[session_key]
+ if session_id = request[session_key]
session_id = session_id.read if session_id.respond_to?:)read)
end
@@ -262,5 +261,5 @@ class CGI
end
unless session_id
- if option.key?('new_session') and not option['new_session']
+ unless option.fetch('new_session', true)
raise ArgumentError, "session_key `%s' should be supplied"%session_key
end
@@ -273,5 +272,5 @@ class CGI
@dbman = dbman::new(self, option)
rescue NoSession
- if option.key?('new_session') and not option['new_session']
+ unless option.fetch('new_session', true)
raise ArgumentError, "invalid session_id `%s'"%session_id
end
@@ -280,5 +279,5 @@ class CGI
end
request.instance_eval do
- @output_hidden = {session_key => session_id}
+ @output_hidden = {session_key => session_id} if option.fetch('by_hidden', true)
@output_cookies = [
Cookie::new("name" => session_key,
@@ -294,5 +293,5 @@ class CGI
""
end)
- ]
+ ] if option.fetch('by_cookies', true)
end
@dbprot = [@dbman]
 
P

Patrick Gundlach

Hi,

Currently, CGI::Session always emit the HIDDEN field. This
patch is to stop it by adding an option 'by_hidden'=>false.
Click to expand...


[...]

Thanks, I'll give it a try.

Patrick
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

CGI::Session Problem 0
CGI::Session weird behavior 2
Run CGI scripts in own webserver 7
problems with session data and given session_id 1
CGI::Session just don't work 3
CGI/Session expiration witch ruby-libs-1.8.6.369-1.fc11.i586 0
CGI Session Synchronization 2
[BUG/PATCH] cgi/session.rb 11

Members online

Total: 37 (members: 3, guests: 34)
Robots: 171

Forum statistics

Threads
473,774
Messages
2,569,596
Members
45,130
Latest member
MitchellTe

Latest Threads

Top