-rw-r--r-- | app/controllers/application_controller.rb | 21 | ||||
-rw-r--r-- | config/environment.rb | 4 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 9 |
3 files changed, 17 insertions, 17 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5055519ec..1addc5bab 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -40,21 +40,12 @@ class ApplicationController < ActionController::Base
 before_filter :session_remember_me
 def session_remember_me
 # Reset the "sliding window" session expiry time.
- if session[:remember_me]
- expire_time = 1.month.from_now
- # "Why is session[:force_new_cookie] set to Time.now? In order for the “sliding window”
- # concept to work, a fresh cookie must be sent with every response. Rails only
- # sends a cookie when the session data has changed so using a value like Time.now
- # ensures that it changes every time. What I have actually found is that some
- # internal voodoo causes the session data to change slightly anyway but it’s best
- # to be sure!"
- session[:force_new_cookie] = Time.now
- else
- expire_time = nil
- end
- # if statement here is so test code runs
- if session.instance_variable_get(:@dbman)
- session.instance_variable_get(:@dbman).instance_variable_get(:@cookie_options)['expires'] = expire_time
+ if request.env['rack.session.options']
+ if session[:remember_me]
+ request.env['rack.session.options'][:expire_after] = 1.month
+ else
+ request.env['rack.session.options'][:expire_after] = nil
+ end
 end
 end
diff --git a/config/environment.rb b/config/environment.rb
index da45d9ed3..44f541122 100644
--- a/config/environment.rb
+++ b/config/environment.rb
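Review bot: The one-month lifetime set in `session_remember_me` is only a cookie attribute: `[:expire_after]` decides the expiry the browser is told, and with the `:cookie_store` configured in config/environment.rb nothing visible on the server rejects a signed cookie that is presented again after that month. If remember-me sessions are meant to lapse, stamp the session and check the stamp in this filter, for example `reset_session if session[:remember_me] && session[:last_seen_at].to_i < 1.month.ago.to_i` followed by `session[:last_seen_at] = Time.now.to_i` (the key name is illustrative). That write would also keep the cookie changing on every request, which the removed `session[:force_new_cookie] = Time.now` line used to guarantee; it is worth confirming that the session middleware re-sends the cookie whenever `:expire_after` is set. The class body continues outside the hunk.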
@@ -45,8 +45,8 @@ Rails::Initializer.run do |config|
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 config.action_controller.session = {
- :session_key => '_foi_cookie_session',
- :secret => MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development'),
+ :session_key => '_wdtk_cookie_session',
+ :secret => MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development')
 }
 config.action_controller.session_store = :cookie_store
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index f6f3c16ca..83abbfe3d 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -84,6 +84,15 @@ describe UserController, "when signing in" do
 response.should_not send_email
 end
+# No idea how to test this in the test framework :(
+# it "should have set a long lived cookie if they picked remember me, session cookie if they didn't" do
+# get :signin, :r => "/list"
+# response.should render_template('sign')
+# post :signin, { :user_signin => { :email => 'bob@localhost', :password => 'jonespassword' } }
+# session[:user_id].should == users(:bob_smith_user).id
+# raise session.options.to_yaml # check cookie lasts a month
+# end
+
 it "should ask you to confirm your email if it isn't confirmed, after log in" do
 get :signin, :r => "/list"
 response.should render_template('sign') |
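Review bot: The `:secret` line on the new side still falls back to a string that is published in the repository, so a deployment that forgets to set `COOKIE_STORE_SESSION_SECRET` signs its cookie-store sessions with a publicly known key, and values such as `session[:user_id]` are then no longer trustworthy. Prefer failing at boot outside development and test: read the setting without a usable default and raise when it is missing or still equal to the placeholder text. Separately, renaming `:session_key` to `'_wdtk_cookie_session'` means existing `_foi_cookie_session` cookies are no longer read, so every signed-in user is logged out on deploy; that is worth stating in the commit message. The `Rails::Initializer.run` block starts and ends outside the hunk.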
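Review bot: The added spec is committed as commented-out code, so the remember-me cookie lifetime ships with no test, and the block still contains a debugging `raise session.options.to_yaml`. Declare it as a pending example instead, `it "should have set a long lived cookie if they picked remember me, session cookie if they didn't"` with no block, so the gap is reported on every spec run. When it is implemented, the sign-in post also needs to send the remember-me parameter (the commented version never does) and could assert on `request.env['rack.session.options'][:expire_after]`, assuming the test request populates that key, which the guard in `session_remember_me` suggests it may not. The enclosing `describe` block starts outside the hunk.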