ID sets up a basic framework for implementing an id based sessioning service. Cookies sent to the client for maintaining sessions will only contain an id reference. Only find_session and write_session are required to be overwritten.

All parameters are optional.

  • :key determines the name of the cookie, by default it is 'rack.session'

  • :path, :domain, :expire_after, :secure, and :httponly set the related cookie options as by Rack::Response::Helpers#set_cookie

  • :skip will not a set a cookie in the response nor update the session state

  • :defer will not set a cookie in the response but still update the session state if it is used with a backend

  • :renew (implementation dependent) will prompt the generation of a new session id, and migration of data to be referenced at the new id. If :defer is set, it will be overridden and the cookie will be set.

  • :sidbits sets the number of bits in length that a generated session id will be.

These options can be set on a per request basis, at the location of env['rack.session.options']. Additionally the id of the session can be found within the options hash at the key :id. It is highly not recommended to change its value.

Is Rack::Utils::Context compatible.

Not included by default; you must require 'rack/session/abstract/id' to use.

DEFAULT_OPTIONS = { :key => RACK_SESSION, :path => '/', :domain => nil, :expire_after => nil, :secure => false, :httponly => true, :defer => false, :renew => false, :sidbits => 128, :cookie_only => true, :secure_random => ::SecureRandom }.freeze
[R] default_options
[R] key
[R] sid_secure
Class Public methods
new(app, options={})
# File lib/rack/session/abstract/id.rb, line 217
def initialize(app, options={})
  @app = app
  @default_options = self.class::DEFAULT_OPTIONS.merge(options)
  @key = @default_options.delete(:key)
  @cookie_only = @default_options.delete(:cookie_only)
Instance Public methods
# File lib/rack/session/abstract/id.rb, line 225
def call(env)
commit_session(req, res)

Acquires the session from the environment and the session id from the session options and passes them to write_session. If successful and the :defer option is not true, a cookie will be added to the response with the session's id.

# File lib/rack/session/abstract/id.rb, line 339
def commit_session(req, res)
  session = req.get_header RACK_SESSION
  options = session.options

  if options[:drop] || options[:renew]
    session_id = delete_session(req, || generate_sid, options)
    return unless session_id

  return unless commit_session?(req, session, options)

  session.send(:load!) unless loaded_session?(session)
  session_id ||=
  session_data = session.to_hash.delete_if { |k,v| v.nil? }

  if not data = write_session(req, session_id, session_data, options)
    req.get_header(RACK_ERRORS).puts("Warning! #{} failed to save session. Content dropped.")
  elsif options[:defer] and not options[:renew]
    req.get_header(RACK_ERRORS).puts("Deferring cookie for #{session_id}") if $VERBOSE
    cookie =
    cookie[:value] = data
    cookie[:expires] = + options[:expire_after] if options[:expire_after]
    cookie[:expires] = + options[:max_age] if options[:max_age]
    set_cookie(req, res, cookie.merge!(options))
context(env, app=@app)
# File lib/rack/session/abstract/id.rb, line 229
def context(env, app=@app)
  req = make_request env
  status, headers, body =
  res = status, headers
  commit_session(req, res)
  [status, headers, body]