Railsのカスタムセッションストア

Transcript

1. 3BJMTͷΧελϜηογϣϯετΞ

2. 2 ࣗݾ঺հ k-okubo ɾPerl Ͱ CGI ॻ͍ͨΓɺ ɾSIer ͰϝΠϯϑϨʔϜ৮ͬͨΓɺ ɾιγϟή։ൃͰ

   Java/C++ ͨ͠Γͯ͠ɺ ɾ1݄ʹαʔόαΠυΤϯδχΞͱͯ͠ ɹFablic ʹೖࣾ

3. 3 ࠓ೔࿩͢͜ͱ 2ͭͷRailsΞϓϦέʔγϣϯؒͰ ηογϣϯ৘ใΛڞ༗Խͨ͠࿩

4. 4 ݩʑͷηογϣϯઃఆ GSJMKQ
   ओʹ1$޲͚αΠτ Set-Cookie: _fril_user_session=… ҉߸Խ͋Γ
   CBTFॻ͖ग़͠ XFCGSJMKQ
   औҾϖʔδ

   
   ϞόΠϧ͔Β΋ΞΫηε Set-Cookie: _fril_web_session=… ҉߸Խͳ͠
   CBTFॻ͖ग़͠

5. 5 w ڞ௨ͷηογϣϯΛ࢖͍͍ͨ
   w มߋ͢Δʹ͋ͨͬͯڧ੍ϩάΞ΢τ͸ىͨ͘͜͠ͳ͍ w υϝΠϯຖʹผʑͷηογϣϯ
   w ॻ͖ग़͠ํ๏΋ҟͳΔ ϩάΠϯ৘ใͷड͚౉͕͠Կ͔ͱෆศ

   Ұ෦ηΩϡϦςΟతͳ໰୊΋ࢦఠ͞Ε͍ͯͨ ݩʑͷηογϣϯઃఆ

6. 6 ηογϣϯΛڞ༗Խͭͭ͠ɺ ݹ͍CookieΛ౉͞Εͯ΋ฏؾͳΑ͏ʹ͢Δ

7. 7 ݩʑͷηογϣϯઃఆ GSJMKQ
   ओʹ1$޲͚αΠτ Set-Cookie: _fril_user_session=… ҉߸Խ͋Γ
   CBTFॻ͖ग़͠ XFCGSJMKQ
   औҾϖʔδ

   
   ϞόΠϧ͔Β΋ΞΫηε Set-Cookie: _fril_web_session=… ҉߸Խͳ͠
   CBTFॻ͖ग़͠

8. 8 ηογϣϯઃఆ (Ҡߦظؒத) GSJMKQ
   ओʹ1$޲͚αΠτ Set-Cookie: _fril_user_session=… ҉߸Խ͋Γ
   CBTFॻ͖ग़͠ XFCGSJMKQ
   

   औҾϖʔδ
   ϞόΠϧ͔Β΋ΞΫηε Set-Cookie: _fril_user_session=… ҉߸Խ͋Γ
   CBTFॻ͖ग़͠ ͨͩ͠ Cookie:_fril_web_session Λ౉͞Εͯ΋ಈ͘Α͏ʹ

9. 9 w σϑΥϧτ͸
   DPPLJF@TUPSF
   w ΧελϜηογϣϯετΞΛࢦఆ͢Δ͜ͱ΋Մೳ
   w $PPLJF4UPSF
   Λ֦ுͯ͠ηογϣϯΛڞ௨Խ͠Α͏ Rails.application.config.session_store( :cookie_store, key:

   ‘_myapp_session’ ) ηογϣϯετΞͷઃఆ

10. 10 w3BDL
    .JEEMFXBSF
    ͱͯ͠ಈ࡞
    wΞϓϦέʔγϣϯίʔυதͰ
    TFTTJPO
    ʹΞΫηε͕͋Δͱ
    MPBE@TFTTJPO
    ͕ݺ͹ΕΔ
    w
    SFRVFTU
    ͷ࠷ޙʹ
    DPNNJU@TFTTJPO
    ͢Δ class CookieStore < Rack::Session::Abstract::ID ... end

    class Rack::Session::Abstract::ID def call(env) context(env) end def context(env, app=@app) prepare_session(env) status, headers, body = app.call(env) commit_session(env, status, headers, body) end end CookieStore ͷ࣮૷Λ೷͘

11. 11 ͍ͭ͜Λ֦ு͢Δ

12. 12 def get_cookie(env) cookie_jar(env)[@key] end ηογϣϯͷಡΈࠐΈ෦෼
    CFGPSF w MPBE@TFTTJPO
    ͔Βݺ͹ΕΔ
    w

    $PPLJF
    ͔Βηογϣϯ৘ใΛߏங͢Δ

13. 13 def get_cookie(env) jar = cookie_jar(env) if jar.key?(@key) jar.encrypted[@key] else

    jar.signed[@old_key] end end ηογϣϯͷಡΈࠐΈ෦෼
    BGUFS w ৽
    LFZ
    ͷ
    $PPLJF
    ͕͋Ε͹ͦͬͪΛಡΈࠐΈ
    w ແ͚Ε͹چ
    LFZ
    ͰಡΈࠐΈ

14. 14 ৽چͲͪΒͷ Cookie ͕དྷͯ΋ ηογϣϯ৘ใΛߏஙՄೳ

15. 15 def set_cookie(env, session_id, cookie) cookie_jar(env)[@key] = cookie end ηογϣϯͷॻ͖ग़͠෦෼
    

    CFGPSF w DPNNJU@TFTTJPO
    ͔Βݺ͹ΕΔ
    w ηογϣϯ৘ใΛγϦΞϥΠζͯ͠
    $PPLJF
    ʹอଘ

16. 16 def set_cookie(env, session_id, cookie) jar = cookie_jar(env) jar.encrypted[@key] =

    cookie if jar.key?(@old_key) jar.delete(@old_key) end end ηογϣϯͷॻ͖ग़͠෦෼
    BGUFS w ৽
    LFZ
    Ͱ
    $PPLJF
    ʹॻ͖ग़͠
    w چ
    LFZ
    ͷ
    $PPLJF
    ͸࡟আ

17. 17 class CompatibleCookieStore < ActionDispatch::Session::CookieStore def initialize(app, options = {})

    super(app, options) @old_key = options[:old_session_key] end def get_cookie(env) jar = cookie_jar(env) if jar.key?(@key) jar.encrypted[@key] else jar.signed[@old_key] end end def set_cookie(env, session_id, cookie) jar = cookie_jar(env) jar.encrypted[@key] = cookie if jar.key?(@old_key) jar.delete(@old_key) end end def cookie_jar(env) request = ActionDispatch::Request.new(env) request.cookie_jar end end Rails.application.config.session_store :compatible_cookie_store, key: '_fril_user_session', expire_after: 1.month, domain: ‘.fril.jp’, old_session_key: '_fril_web_session' શମ૾

18. 18 ·ͱΊ w TFTTJPO@TUPSF
    ʹΧελϜΫϥεΛࢦఆ͢Δ͜ͱͰ
    ॊೈ ͳηογϣϯͷಡΈॻ͖Λ͢Δ͜ͱ͕Ͱ͖Δ
    w ࠓճ͸৽چ
    $PPLJF
    ΛಡΊΔΑ͏ʹ͢Δ͜ͱͰڧ੍ϩά Ξ΢τແ͠ͰηογϣϯΛҠߦ͠
    ෳ਺ΞϓϦέʔγϣϯ

    ؒͰηογϣϯͷڞ༗Λ͢Δ͜ͱ͕Ͱ͖ͨ

19. 19 ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠