Reading the source
I got the source from GitHub. rails -v reported 3.2.13, so I checked that out. Running M-x find-grep gave roughly the following.
./actionpack/lib/action_controller/base.rb:84: # or you can remove the entire session with +reset_session+.
./actionpack/lib/action_controller/metal/rack_delegation.rb:22: def reset_session
./actionpack/lib/action_controller/metal/rack_delegation.rb:23: @_request.reset_session
./actionpack/lib/action_controller/metal/request_forgery_protection.rb:85: reset_session
./actionpack/lib/action_dispatch/http/request.rb:215: def reset_session
For now, I'll check the one in ./actionpack/lib/action_controller/base.rb. The comment is quoted below. Or rather, I'm going to work through the following from here.
== Sessions
Sessions allow you to store objects in between requests. This is useful for objects that are not yet ready to be persisted, such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely they could be changed unknowingly. It's usually too much work to keep it all synchronized -- something databases already excel at.
You can place objects in the session by using the session method, which accesses a hash:
session[:person] = Person.authenticate(user_name, password)
And retrieved again through the same hash:
Hello #{session[:person]}
For removing objects from the session, you can either assign a single key to +nil+:
# removes :person from session
session[:person] = nil
or you can remove the entire session with +reset_session+.
Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
This prevents the user from tampering with the session but also allows him to see its contents.
Do not put secret information in cookie-based sessions!
Other options for session storage:
* ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set
MyApplication::Application.config.session_store :active_record_store
in your config/initializers/session_store.rb and run script/rails g session_migration.
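The point in the quoted comment about a cookie that is signed but not encrypted, as an added Ruby example (not Rails code and not from the original post). It is a simplified `payload--HMAC` cookie; the JSON serializer, the secret and all helper names are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed secret for this example only; a real app keeps its own in config.
SECRET = 'constructed-example-secret-not-from-any-app'

# Sign a session hash: Base64 payload, then "--", then an HMAC over the payload.
def sign_session(hash, secret = SECRET)
  data = Base64.strict_encode64(JSON.generate(hash))
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  "#{data}--#{digest}"
end

# Constant-time comparison so the signature check does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Server side: return the session hash, or nil when the signature does not match.
def verify_session(cookie, secret = SECRET)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  return nil unless secure_compare(digest, expected)
  JSON.parse(Base64.strict_decode64(data))
end

# What any holder of the cookie can do: read the payload, no secret needed.
def read_without_secret(cookie)
  JSON.parse(Base64.strict_decode64(cookie.split('--', 2).first))
end

cookie = sign_session('person' => 'alice', 'role' => 'user')
puts read_without_secret(cookie).inspect # contents are visible to the client

# A payload edited without the secret no longer matches the old signature.
edited = Base64.strict_encode64(JSON.generate('person' => 'alice', 'role' => 'admin'))
puts verify_session("#{edited}--#{cookie.split('--', 2).last}").inspect
```

The signature gives integrity only, which is why the comment says to keep secrets out of cookie-based sessions.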
Hmm.
I found this:
# This is the method that defines the application behavior when a request is found to be unverified.
# By default, \Rails resets the session when it finds an unverified request.
def handle_unverified_request
  reset_session
end
Grepping for this looks promising lol
But that's it for today; or rather, the morning practice is to be continued. orz