Commit bff28ab
Changed files (3)
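--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -13,6 +13,7 @@ class SessionsController < ApplicationController
 def create
 if @session = @login_command.run(self)
 session[:user_session_id] = @session.id
+ cookies.signed[:raphael] = @session.access(request)
 redirect_to root_path(anchor: '')
 else
 flash[:error] = I18n.translate(:invalid_credentials)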
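Review bot: The new line `cookies.signed[:raphael] = @session.access(request)` hands the browser a second, two-week credential for the same server-side Session next to `session[:user_session_id]`, but this hunk only covers `create`. If the application later authenticates from this cookie, whatever action ends the session (destroy, not visible here) must also clear it with `cookies.delete(:raphael)` and stop honouring the Session row, otherwise the cookie keeps working until it expires. `cookies.signed` only protects integrity, so the session id is readable by the client; if it should stay opaque, `cookies.encrypted` is the drop-in alternative. The body of `create` continues outside the hunk.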
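--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,3 +1,12 @@
 class Session < ActiveRecord::Base
 belongs_to :user
+
+ def access(request)
+ {
+ value: id,
+ httponly: true,
+ secure: Rails.env.production? || Rails.env.staging?,
+ expires: 2.weeks.from_now
+ }
+ end
 end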
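Review bot: `request` is declared as a parameter of `access` but never read in the body, so the `secure:` flag is decided purely by environment name. Either drop the parameter (and the argument at the call site in sessions_controller.rb) or use it so the flag also follows the actual transport, e.g. `secure: request.ssl? || Rails.env.production? || Rails.env.staging?`. A one-line comment above the method would also help, since the name does not say what it returns: `# Options for the signed login cookie; the cookie's value is this Session's id.` The `expires: 2.weeks.from_now` lifetime lives only in the cookie; if Session rows carry their own expiry, the two should agree, though that is not visible in this hunk.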
spec/controllers/sessions_controller_spec.rb
@@ -48,6 +48,10 @@ describe SessionsController do
expect(session[:user_session_id]).to eql(last_session.id)
expect(last_session.ip_address).to eql("0.0.0.0")
end
+
+ it 'assigns a session key to a secure cookie' do
+ expect(cookies.signed[:raphael]).to eql(Session.last.id)
+ end
end
end