authormo khan <mo@mokhan.ca>2014-11-15 10:34:55 -0700
committermo khan <mo@mokhan.ca>2014-11-15 10:34:55 -0700
commitacb6b46a6127c1e6ce99eb7777728e98f1b02060 (patch)
treeffd95d1f931ade12e87e22cf6f6139c6fd5f2209 /app/models/session.rb
parent2059e8bd25d0ad79aaa1099314eddda5cd8c7f4e (diff)
generate unique session key instead of id.HEADmaster
Diffstat (limited to 'app/models/session.rb')
-rw-r--r--app/models/session.rb11
1 files changed, 9 insertions, 2 deletions
diff --git a/app/models/session.rb b/app/models/session.rb
index 4e1cc0f..006e847 100644
--- a/app/models/session.rb
+++ b/app/models/session.rb
@@ -1,11 +1,12 @@
class Session < ActiveRecord::Base
belongs_to :user
+ before_create :create_key
def access(request)
self.ip_address = request.remote_ip
if save
{
- value: self.id,
+ value: self.key,
httponly: true,
secure: Rails.env.production? || Rails.env.staging?,
expires: 2.weeks.from_now
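Review bot: The string sent to the browser at `value: self.key` is the same string stored in the `key` column, so anyone who can read the sessions table (a backup, a read-only query flaw elsewhere) holds usable session tokens. Consider storing only a digest, for example `self.key = Digest::SHA256.hexdigest(token)`, and returning the raw token only in the cookie, with `authenticate!` hashing its argument before the lookup. The column definition is not part of this diff, so confirm that `key` has a unique index and is NOT NULL. The body of `access` continues past the end of this hunk.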
@@ -25,7 +26,13 @@ class Session < ActiveRecord::Base
end
def authenticate!(session_key)
- active.find(session_key)
+ active.find_by!(key: session_key)
end
end
+
+ private
+
+ def create_key
+ self.key = SecureRandom.uuid
+ end
end
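Review bot: `active.find_by!(key: session_key)` turns a nil `session_key` into a `key IS NULL` condition, so a request with no session cookie could match any active row whose key is unset. Rows created before this commit would be in that state unless a migration backfilled them or expired them. Reject blank input before the lookup, for example `raise ActiveRecord::RecordNotFound if session_key.blank?`, and add a NOT NULL constraint on the column. Whether callers can pass nil is not visible here, and the scope that encloses `authenticate!` opens outside the hunk.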