CGI/session adds session_id in hidden fields

===================================================================
RCS file: /cvs/ruby/src/ruby/lib/cgi/session.rb,v
retrieving revision 1.35
diff -U2 -p -d -r1.35 session.rb
--- lib/cgi/session.rb 15 Dec 2004 06:35:52 -0000 1.35
+++ lib/cgi/session.rb 17 Dec 2004 00:56:31 -0000
@@ -254,6 +254,5 @@ class CGI
       end
       unless session_id
- if request.key?(session_key)
- session_id = request[session_key]
+ if session_id = request[session_key]
     session_id = session_id.read if session_id.respond_to?(:read)
   end
@@ -262,5 +261,5 @@ class CGI
   end
   unless session_id
- if option.key?('new_session') and not option['new_session']
+ unless option.fetch('new_session', true)
       raise ArgumentError, "session_key `%s' should be supplied"%session_key
     end
@@ -273,5 +272,5 @@ class CGI
         @dbman = dbman::new(self, option)
       rescue NoSession
- if option.key?('new_session') and not option['new_session']
+ unless option.fetch('new_session', true)
           raise ArgumentError, "invalid session_id `%s'"%session_id
         end
@@ -280,5 +279,5 @@ class CGI
       end
       request.instance_eval do
- @output_hidden = {session_key => session_id}
+ @output_hidden = {session_key => session_id} if option.fetch('by_hidden', true)
   @output_cookies = [
           Cookie::new("name" => session_key,
@@ -294,5 +293,5 @@ class CGI
           ""
         end)
- ]
+ ] if option.fetch('by_cookies', true)
       end
       @dbprot = [@dbman]

--
Nobu Nakada

In message "Re: CGI/session adds session_id in hidden fields" on Fri, 17 Dec 2004 10:07:58 +0900, nobu.nokada@softhome.net writes:

Currently, CGI::Session always emit the HIDDEN field. This
patch is to stop it by adding an option 'by_hidden'=>false.

It's nice feature to have, except that I'd use "no_hidden" (in reverse
manner) instead of "by_hidden". Commit the patch, please?

              matz.

--
.... Press any key. Then press the any other key.