2019-07-30 13:43:27 +00:00
|
|
|
# Use the database for sessions instead of the cookie-based default,
|
|
|
|
|
# which shouldn't be used to store highly confidential information
|
|
|
|
|
# (create the session table with "rails generate session_migration")
|
|
|
|
|
|
|
|
|
|
module Zammad
|
|
|
|
|
class Application
|
|
|
|
|
class Initializer
|
|
|
|
|
module SessionStore
|
2020-06-22 09:57:45 +00:00
|
|
|
STORE_TYPE = :active_record_store # default: :cookie_store
|
2020-09-30 09:07:01 +00:00
|
|
|
SESSION_KEY = "_zammad_session_#{Digest::MD5.hexdigest(Rails.root.to_s)[5..15]}".freeze # default: '_zammad_session'
|
2019-07-30 13:43:27 +00:00
|
|
|
|
|
|
|
|
def self.perform
|
2021-05-20 06:59:02 +00:00
|
|
|
ActionDispatch::Session::ActiveRecordStore.session_class = Session
|
2019-07-30 13:43:27 +00:00
|
|
|
Rails.application.config.session_store STORE_TYPE,
|
|
|
|
|
key: SESSION_KEY,
|
|
|
|
|
secure: secure?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.secure?
|
|
|
|
|
Setting.get('http_type') == 'https'
|
|
|
|
|
rescue ActiveRecord::StatementInvalid
|
|
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
private_class_method :secure?
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
