This file provides the CGI::Session class, which provides session support for CGI scripts. A session is a sequence of HTTP requests and responses linked together and associated with a single client. Information associated with the session is stored on the server between requests. A session id is passed between client and server with every request and response, transparently to the user. This adds state information to the otherwise stateless HTTP request/response protocol.
A CGI::Session instance is created from a CGI object. By default, this CGI::Session instance will start a new session if none currently exists, or continue the current session for this client if one does exist. The new_session option can be used to either always or never create a new session. See new() for more details.
delete() deletes a session from session storage. It does not however remove the session id from the client. If the client makes another request with the same id, the effect will be to start a new session with the old session’s id.
The Session class associates data with a session as key-value pairs. This data can be set and retrieved by indexing the Session instance using ‘[]’, much the same as hashes (although other hash methods are not supported).
When session processing has been completed for a request, the session should be closed using the close() method. This will store the session’s state to persistent storage. If you want to store the session’s state to persistent storage without finishing session processing for this request, call the update() method.
The caller can specify what form of storage to use for the session’s data with the database_manager option to CGI::Session::new. The following storage classes are provided as part of the standard library:
CGI::Session::FileStore stores data as plain text in a flat file. Only works with String data. This is the default storage type.
CGI::Session::MemoryStore stores data in an in-memory hash. The data only persists for as long as the current Ruby interpreter instance does.
CGI::Session::PStore stores data in Marshalled format. Provided by cgi/session/pstore.rb. Supports data of any type, and provides file-locking and transaction support.
Custom storage types can also be created by defining a class with the following methods:
    new(session, options)
    restore  # returns hash of session data.
    update
    close
    delete
Changing storage type mid-session does not work. Note in particular that by default the FileStore and PStore session data files have the same name. If your application switches from one to the other without making sure that filenames will be different and clients still have old sessions lying around in cookies, then things will break nastily!
Most session state is maintained on the server. However, a session id must be passed backwards and forwards between client and server to maintain a reference to this session state.
The simplest way to do this is via cookies. The CGI::Session class provides transparent support for session id communication via cookies if the client has cookies enabled.
If the client has cookies disabled, the session id must be included as a parameter of all requests sent by the client to the server. The CGI::Session class in conjunction with the CGI class will transparently add the session id as a hidden input field to all forms generated using the CGI#form() HTML generation method. No built-in support is provided for other mechanisms, such as URL re-writing. The caller is responsible for extracting the session id from the session_id attribute and manually encoding it in URLs and adding it as a hidden input to HTML forms created by other mechanisms. Also, session expiry is not automatically handled.
    require 'cgi'
    require 'cgi/session'
    require 'cgi/session/pstore'     # provides CGI::Session::PStore

    cgi = CGI.new("html4")

    session = CGI::Session.new(cgi,
        'database_manager' => CGI::Session::PStore,  # use PStore
        'session_key' => '_rb_sess_id',              # custom session key
        'session_expires' => Time.now + 30 * 60,     # 30 minute timeout
        'prefix' => 'pstore_sid_')                   # PStore option
    if cgi.has_key?('user_name') and cgi['user_name'] != ''
        # coerce to String: cgi[] returns the
        # string-like CGI::QueryExtension::Value
        session['user_name'] = cgi['user_name'].to_s
    elsif !session['user_name']
        session['user_name'] = "guest"
    end
    session.close
    require 'cgi'
    require 'cgi/session'

    cgi = CGI.new("html4")

    # We make sure to delete an old session if one exists,
    # not just to free resources, but to prevent the session
    # from being maliciously hijacked later on.
    begin
        session = CGI::Session.new(cgi, 'new_session' => false)
        session.delete
    rescue ArgumentError  # if no old session
    end
    session = CGI::Session.new(cgi, 'new_session' => true)
    session.close
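The custom storage interface listed above (new, restore, update, close, delete) can also carry the idle-timeout check that the page says is not handled automatically. The following is an added example, not code from the cgi library: ExpiringMemoryStore, the 'idle_limit' and 'clock' options, and StubSession are hypothetical names, and the store assumes only that the session object responds to session_id.

```ruby
# Added example, not part of the cgi library. ExpiringMemoryStore and the
# 'idle_limit' / 'clock' options are hypothetical names used for illustration.
class ExpiringMemoryStore
  DEFAULT_IDLE_LIMIT = 30 * 60   # seconds of inactivity allowed (assumed policy)
  TABLE = {}                     # session id => { data: Hash, seen: Time }
  LOCK  = Mutex.new

  # session only needs to respond to #session_id.
  def initialize(session, options = {})
    options ||= {}
    @id    = session.session_id
    @limit = options['idle_limit'] || DEFAULT_IDLE_LIMIT
    @clock = options['clock'] || Time.method(:now)
    LOCK.synchronize do
      entry = TABLE[@id]
      # Enforce expiry on the server: a stale id must not revive old data,
      # whatever lifetime the client-side cookie claims.
      if entry && @clock.call - entry[:seen] > @limit
        TABLE.delete(@id)
        entry = nil
      end
      @data = entry ? entry[:data] : {}
    end
  end

  # Returns the hash of session data.
  def restore
    @data
  end

  # Persists the data and records the time of last activity.
  def update
    LOCK.synchronize { TABLE[@id] = { data: @data, seen: @clock.call } }
  end

  def close
    update
  end

  def delete
    LOCK.synchronize { TABLE.delete(@id) }
    @data = {}
  end
end

# Constructed stand-in for a CGI::Session instance, so the demo runs offline.
StubSession = Struct.new(:session_id)

# Walks one session id through an active request, a request inside the idle
# window, and a request after the window has passed.
def expiry_demo
  now  = Time.at(0)
  opts = { 'idle_limit' => 60, 'clock' => -> { now } }
  sess = StubSession.new('constructed-session-id')

  first = ExpiringMemoryStore.new(sess, opts)
  first.restore['user_name'] = 'alice'
  first.close

  now += 30                       # still inside the 60 second window
  second = ExpiringMemoryStore.new(sess, opts)
  within = second.restore['user_name']
  second.close                    # activity refreshes the timestamp

  now += 61                       # idle for longer than the limit
  third = ExpiringMemoryStore.new(sess, opts)
  [within, third.restore['user_name']]
end
```

An expired id comes back with an empty hash under the same id, the same outcome described above for delete(), so a fresh session should still be created as in the preceding example.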
Class Net::HTTP provides a rich library that implements the client in a client-server model that uses the HTTP request-response protocol. For information about HTTP, see:
If you will make only a few GET requests, consider using OpenURI.
If you will make only a few requests of all kinds, consider using the various singleton convenience methods in this class. Each of the following methods automatically starts and finishes a session that sends a single request:
    # Return string response body.
    Net::HTTP.get(hostname, path)
    Net::HTTP.get(uri)

    # Write string response body to $stdout.
    Net::HTTP.get_print(hostname, path)
    Net::HTTP.get_print(uri)

    # Return response as Net::HTTPResponse object.
    Net::HTTP.get_response(hostname, path)
    Net::HTTP.get_response(uri)

    data = '{"title": "foo", "body": "bar", "userId": 1}'
    Net::HTTP.post(uri, data)
    params = {title: 'foo', body: 'bar', userId: 1}
    Net::HTTP.post_form(uri, params)
    data = '{"title": "foo", "body": "bar", "userId": 1}'
    Net::HTTP.put(uri, data)
If performance is important, consider using sessions, which lower request overhead. This session has multiple requests for HTTP methods and WebDAV methods:
    Net::HTTP.start(hostname) do |http|
      # Session started automatically before block execution.
      http.get(path)
      http.head(path)
      body = 'Some text'
      http.post(path, body)  # Can also have a block.
      http.put(path, body)
      http.delete(path)
      http.options(path)
      http.trace(path)
      http.patch(path, body) # Can also have a block.
      http.copy(path)
      http.lock(path, body)
      http.mkcol(path, body)
      http.move(path)
      http.propfind(path, body)
      http.proppatch(path, body)
      http.unlock(path, body)
      # Session finished automatically at block exit.
    end
The methods cited above are convenience methods that, via their few arguments, allow minimal control over the requests. For greater control, consider using request objects.
On the internet, a URI (Universal Resource Identifier) is a string that identifies a particular resource. It consists of some or all of: scheme, hostname, path, query, and fragment; see URI syntax.
A Ruby URI::Generic object represents an internet URI. It provides, among others, methods scheme, hostname, path, query, and fragment.
An internet URI has a scheme.
The two schemes supported in Net::HTTP are 'https' and 'http':
    uri.scheme                       # => "https"
    URI('http://example.com').scheme # => "http"
A hostname identifies a server (host) to which requests may be sent:
    hostname = uri.hostname # => "jsonplaceholder.typicode.com"
    Net::HTTP.start(hostname) do |http|
      # Some HTTP stuff.
    end
A host-specific path identifies a resource on the host:
    _uri = uri.dup
    _uri.path = '/todos/1'
    hostname = _uri.hostname
    path = _uri.path
    Net::HTTP.get(hostname, path)
A host-specific query adds name/value pairs to the URI:
    _uri = uri.dup
    params = {userId: 1, completed: false}
    _uri.query = URI.encode_www_form(params)
    _uri # => #<URI::HTTPS https://jsonplaceholder.typicode.com?userId=1&completed=false>
    Net::HTTP.get(_uri)
A URI fragment has no effect in Net::HTTP; the same data is returned, regardless of whether a fragment is included.
Request headers may be used to pass additional information to the host, similar to arguments passed in a method call; each header is a name/value pair.
Each of the Net::HTTP methods that sends a request to the host has optional argument headers, where the headers are expressed as a hash of field-name/value pairs:
    headers = {Accept: 'application/json', Connection: 'Keep-Alive'}
    Net::HTTP.get(uri, headers)
See lists of both standard request fields and common request fields at Request Fields. A host may also accept other custom fields.
A session is a connection between a server (host) and a client that:
Is begun by instance method Net::HTTP#start.
May contain any number of requests.
Is ended by instance method Net::HTTP#finish.
See example sessions at Strategies.
If you have many requests to make to a single host (and port), consider using singleton method Net::HTTP.start with a block; the method handles the session automatically by:
In the block, you can use these instance methods, each of which sends a single request:
get, request_get: GET.
head, request_head: HEAD.
post, request_post: POST.
delete: DELETE.
options: OPTIONS.
trace: TRACE.
patch: PATCH.
You can manage a session manually using methods start and finish:
    http = Net::HTTP.new(hostname)
    http.start
    http.get('/todos/1')
    http.get('/todos/2')
    http.delete('/posts/1')
    http.finish # Needed to free resources.
Certain convenience methods automatically handle a session by:
Creating an HTTP object.
Starting a session.
Sending a single request.
Finishing the session.
Destroying the object.
Such methods that send GET requests:
::get: Returns the string response body.
::get_print: Writes the string response body to $stdout.
::get_response: Returns a Net::HTTPResponse object.
Such methods that send POST requests:
::post: Posts data to the host.
::post_form: Posts form data to the host.
Many of the methods above are convenience methods, each of which sends a request and returns a string without directly using Net::HTTPRequest and Net::HTTPResponse objects.
You can, however, directly create a request object, send the request, and retrieve the response object; see:
Each returned response is an instance of a subclass of Net::HTTPResponse. See the response class hierarchy.
In particular, class Net::HTTPRedirection is the parent of all redirection classes. This allows you to craft a case statement to handle redirections properly:
    def fetch(uri, limit = 10)
      # You should choose a better exception.
      raise ArgumentError, 'Too many HTTP redirects' if limit == 0

      res = Net::HTTP.get_response(URI(uri))
      case res
      when Net::HTTPSuccess     # Any success class.
        res
      when Net::HTTPRedirection # Any redirection class.
        location = res['Location']
        warn "Redirected to #{location}"
        fetch(location, limit - 1)
      else                      # Any other class.
        res.value
      end
    end

    fetch(uri)
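The fetch method above follows whatever the Location header contains. The variant below is an added example, not code from Net::HTTP: it resolves a relative Location against the current URI, refuses targets that are not http or https, and refuses a redirect that moves from https to http. The names next_hop, fetch_checked, UnsafeRedirect and the getter: parameter are hypothetical.

```ruby
require 'net/http'
require 'uri'

# Hypothetical error class for this added example.
class UnsafeRedirect < StandardError; end

# Returns the URI to request next, or raises UnsafeRedirect.
def next_hop(current, location)
  raise UnsafeRedirect, 'redirect without Location' if location.nil? || location.empty?

  base = URI(current.to_s)
  begin
    target = URI.join(base.to_s, location)   # resolves relative references
  rescue URI::InvalidURIError => e
    raise UnsafeRedirect, "unparsable Location: #{e.message}"
  end

  unless %w[http https].include?(target.scheme)
    raise UnsafeRedirect, "unsupported scheme #{target.scheme.inspect}"
  end
  if base.scheme == 'https' && target.scheme != 'https'
    raise UnsafeRedirect, "refusing downgrade from https to #{target.scheme}"
  end
  target
end

# Iterative form of fetch. getter: exists so the loop can be exercised
# offline; by default it is Net::HTTP.get_response.
def fetch_checked(uri, limit = 10, getter: Net::HTTP.method(:get_response))
  current = URI(uri.to_s)
  limit.times do
    res = getter.call(current)
    case res
    when Net::HTTPSuccess     then return res
    when Net::HTTPRedirection then current = next_hop(current, res['Location'])
    else res.value            # raises for any other class
    end
  end
  raise UnsafeRedirect, 'Too many HTTP redirects'
end
```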
Basic authentication is performed according to RFC2617:
    req = Net::HTTP::Get.new(uri)
    req.basic_auth('user', 'pass')
    res = Net::HTTP.start(hostname) do |http|
      http.request(req)
    end
By default Net::HTTP reads an entire response into memory. If you are handling large files or wish to implement a progress bar you can instead stream the body directly to an IO.
    Net::HTTP.start(hostname) do |http|
      req = Net::HTTP::Get.new(uri)
      http.request(req) do |res|
        open('t.tmp', 'w') do |f|
          res.read_body do |chunk|
            f.write chunk
          end
        end
      end
    end
HTTPS is enabled for an HTTP connection by Net::HTTP#use_ssl=:
    Net::HTTP.start(hostname, :use_ssl => true) do |http|
      req = Net::HTTP::Get.new(uri)
      res = http.request(req)
    end
Or if you simply want to make a GET request, you may pass in a URI object that has an HTTPS URL. Net::HTTP automatically turns on TLS verification if the URI object has a ‘https’ URI scheme:
    uri # => #<URI::HTTPS https://jsonplaceholder.typicode.com/>
    Net::HTTP.get(uri)
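Basic authentication sends the user name and password base64-encoded rather than encrypted, so the basic_auth request shown earlier is only protected when it travels over the HTTPS session described here. The helper below is an added example, not part of Net::HTTP: build_authenticated_get is a hypothetical name, and the timeout values and TLS 1.2 floor are assumptions chosen for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Builds, but does not send, a GET request carrying Basic credentials,
# together with a Net::HTTP object configured for verified TLS.
# Raises ArgumentError when the URL is not https, so the credentials
# are never placed on a cleartext connection.
def build_authenticated_get(url, user, pass)
  uri = URI(url)
  unless uri.is_a?(URI::HTTPS)
    raise ArgumentError, "refusing to send Basic credentials over #{uri.scheme.inspect}"
  end

  http = Net::HTTP.new(uri.hostname, uri.port)
  http.use_ssl      = true
  http.verify_mode  = OpenSSL::SSL::VERIFY_PEER      # reject unverifiable certificates
  http.min_version  = OpenSSL::SSL::TLS1_2_VERSION   # assumed policy floor
  http.open_timeout = 5                              # seconds, assumed
  http.read_timeout = 10                             # seconds, assumed

  req = Net::HTTP::Get.new(uri)
  req.basic_auth(user, pass)
  [http, req]
end

# Sending is then: http.start { |h| h.request(req) }
```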
An HTTP object can have a proxy server.
You can create an HTTP object with a proxy server using method Net::HTTP.new or method Net::HTTP.start.
The proxy may be defined either by argument p_addr or by environment variable 'http_proxy'.
p_addr as a String
When argument p_addr is a string hostname, the returned http has the given host as its proxy:
    http = Net::HTTP.new(hostname, nil, 'proxy.example')
    http.proxy?          # => true
    http.proxy_from_env? # => false
    http.proxy_address   # => "proxy.example"
    # These use default values.
    http.proxy_port      # => 80
    http.proxy_user      # => nil
    http.proxy_pass      # => nil
The port, username, and password for the proxy may also be given:
    http = Net::HTTP.new(hostname, nil, 'proxy.example', 8000, 'pname', 'ppass')
    # => #<Net::HTTP jsonplaceholder.typicode.com:80 open=false>
    http.proxy?          # => true
    http.proxy_from_env? # => false
    http.proxy_address   # => "proxy.example"
    http.proxy_port      # => 8000
    http.proxy_user      # => "pname"
    http.proxy_pass      # => "ppass"
ENV['http_proxy']
When environment variable 'http_proxy' is set to a URI string, the returned http will have the server at that URI as its proxy; note that the URI string must have a protocol such as 'http' or 'https':
    ENV['http_proxy'] = 'http://example.com'
    http = Net::HTTP.new(hostname)
    http.proxy?          # => true
    http.proxy_from_env? # => true
    http.proxy_address   # => "example.com"
    # These use default values.
    http.proxy_port      # => 80
    http.proxy_user      # => nil
    http.proxy_pass      # => nil
The URI string may include proxy username, password, and port number:
    ENV['http_proxy'] = 'http://pname:ppass@example.com:8000'
    http = Net::HTTP.new(hostname)
    http.proxy?          # => true
    http.proxy_from_env? # => true
    http.proxy_address   # => "example.com"
    http.proxy_port      # => 8000
    http.proxy_user      # => "pname"
    http.proxy_pass      # => "ppass"
With method Net::HTTP.new (but not Net::HTTP.start), you can use argument p_no_proxy to filter proxies:
Reject a certain address:
    http = Net::HTTP.new('example.com', nil, 'proxy.example', 8000, 'pname', 'ppass', 'proxy.example')
    http.proxy_address # => nil
Reject certain domains or subdomains:
    http = Net::HTTP.new('example.com', nil, 'my.proxy.example', 8000, 'pname', 'ppass', 'proxy.example')
    http.proxy_address # => nil
Reject certain addresses and port combinations:
    http = Net::HTTP.new('example.com', nil, 'proxy.example', 8000, 'pname', 'ppass', 'proxy.example:1234')
    http.proxy_address # => "proxy.example"

    http = Net::HTTP.new('example.com', nil, 'proxy.example', 8000, 'pname', 'ppass', 'proxy.example:8000')
    http.proxy_address # => nil
Reject a list of the types above delimited using a comma:
    http = Net::HTTP.new('example.com', nil, 'proxy.example', 8000, 'pname', 'ppass', 'my.proxy,proxy.example:8000')
    http.proxy_address # => nil

    http = Net::HTTP.new('example.com', nil, 'my.proxy', 8000, 'pname', 'ppass', 'my.proxy,proxy.example:8000')
    http.proxy_address # => nil
Net::HTTP does not compress the body of a request before sending.
By default, Net::HTTP adds header 'Accept-Encoding' to a new request object:
    Net::HTTP::Get.new(uri)['Accept-Encoding'] # => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
This requests the server to zip-encode the response body if there is one; the server is not required to do so.
Net::HTTP does not automatically decompress a response body if the response has header 'Content-Range'.
Otherwise decompression (or not) depends on the value of header Content-Encoding:
'deflate', 'gzip', or 'x-gzip': decompresses the body and deletes the header.
'none' or 'identity': does not decompress the body, but deletes the header.
Any other value: leaves the body and header unchanged.
First, what’s elsewhere. Class Net::HTTP:
Inherits from class Object.
This is a categorized summary of methods and attributes.
::start: Begins a new session in a new Net::HTTP object.
#started?: Returns whether in a session.
#finish: Ends an active session.
#start: Begins a new session in an existing Net::HTTP object (self).
:continue_timeout: Returns the continue timeout.
#continue_timeout=: Sets the continue timeout seconds.
:keep_alive_timeout: Returns the keep-alive timeout.
:keep_alive_timeout=: Sets the keep-alive timeout.
:max_retries: Returns the maximum retries.
#max_retries=: Sets the maximum retries.
:open_timeout: Returns the open timeout.
:open_timeout=: Sets the open timeout.
:read_timeout: Returns the open timeout.
:read_timeout=: Sets the read timeout.
:ssl_timeout: Returns the ssl timeout.
:ssl_timeout=: Sets the ssl timeout.
:write_timeout: Returns the write timeout.
:write_timeout=: Sets the write timeout.
::get: Sends a GET request and returns the string response body.
::get_print: Sends a GET request and writes the string response body to $stdout.
::get_response: Sends a GET request and returns a response object.
::post_form: Sends a POST request with form data and returns a response object.
::post: Sends a POST request with data and returns a response object.
::put: Sends a PUT request with data and returns a response object.
#copy: Sends a COPY request and returns a response object.
#delete: Sends a DELETE request and returns a response object.
#get: Sends a GET request and returns a response object.
#head: Sends a HEAD request and returns a response object.
#lock: Sends a LOCK request and returns a response object.
#mkcol: Sends a MKCOL request and returns a response object.
#move: Sends a MOVE request and returns a response object.
#options: Sends an OPTIONS request and returns a response object.
#patch: Sends a PATCH request and returns a response object.
#post: Sends a POST request and returns a response object.
#propfind: Sends a PROPFIND request and returns a response object.
#proppatch: Sends a PROPPATCH request and returns a response object.
#put: Sends a PUT request and returns a response object.
#request: Sends a request and returns a response object.
#request_get: Sends a GET request and forms a response object; if a block given, calls the block with the object, otherwise returns the object.
#request_head: Sends a HEAD request and forms a response object; if a block given, calls the block with the object, otherwise returns the object.
#request_post: Sends a POST request and forms a response object; if a block given, calls the block with the object, otherwise returns the object.
#send_request: Sends a request and returns a response object.
#trace: Sends a TRACE request and returns a response object.
#unlock: Sends an UNLOCK request and returns a response object.
:close_on_empty_response: Returns whether to close connection on empty response.
:close_on_empty_response=: Sets whether to close connection on empty response.
:ignore_eof: Returns whether to ignore end-of-file when reading a response body with Content-Length headers.
:ignore_eof=: Sets whether to ignore end-of-file when reading a response body with Content-Length headers.
:response_body_encoding: Returns the encoding to use for the response body.
#response_body_encoding=: Sets the response body encoding.
:proxy_address: Returns the proxy address.
:proxy_address=: Sets the proxy address.
::proxy_class?: Returns whether self is a proxy class.
#proxy?: Returns whether self has a proxy.
#proxy_address: Returns the proxy address.
#proxy_from_env?: Returns whether the proxy is taken from an environment variable.
:proxy_from_env=: Sets whether the proxy is to be taken from an environment variable.
:proxy_pass: Returns the proxy password.
:proxy_pass=: Sets the proxy password.
:proxy_port: Returns the proxy port.
:proxy_port=: Sets the proxy port.
#proxy_user: Returns the proxy user name.
:proxy_user=: Sets the proxy user.
:ca_file: Returns the path to a CA certification file.
:ca_file=: Sets the path to a CA certification file.
:ca_path: Returns the path to the CA directory containing certification files.
:ca_path=: Sets the path to the CA directory containing certification files.
:cert: Returns the OpenSSL::X509::Certificate object to be used for client certification.
:cert=: Sets the OpenSSL::X509::Certificate object to be used for client certification.
:cert_store: Returns the X509::Store to be used for verifying peer certificate.
:cert_store=: Sets the X509::Store to be used for verifying peer certificate.
:ciphers: Returns the available SSL ciphers.
:ciphers=: Sets the available SSL ciphers.
:extra_chain_cert: Returns the extra X509 certificates to be added to the certificate chain.
:extra_chain_cert=: Sets the extra X509 certificates to be added to the certificate chain.
:key: Returns the OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
:key=: Sets the OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
:max_version: Returns the maximum SSL version.
:max_version=: Sets the maximum SSL version.
:min_version: Returns the minimum SSL version.
:min_version=: Sets the minimum SSL version.
#peer_cert: Returns the X509 certificate chain for the session’s socket peer.
:ssl_version: Returns the SSL version.
:ssl_version=: Sets the SSL version.
#use_ssl=: Sets whether a new session is to use Transport Layer Security.
#use_ssl?: Returns whether self uses SSL.
:verify_callback: Returns the callback for the server certification verification.
:verify_callback=: Sets the callback for the server certification verification.
:verify_depth: Returns the maximum depth for the certificate chain verification.
:verify_depth=: Sets the maximum depth for the certificate chain verification.
:verify_hostname: Returns the flags for the server certification verification at the beginning of the SSL/TLS session.
:verify_hostname=: Sets the flags for the server certification verification at the beginning of the SSL/TLS session.
:verify_mode: Returns the flags for the server certification verification at the beginning of the SSL/TLS session.
:verify_mode=: Sets the flags for the server certification verification at the beginning of the SSL/TLS session.
:address: Returns the string host name or host IP.
::default_port: Returns integer 80, the default port to use for HTTP requests.
::http_default_port: Returns integer 80, the default port to use for HTTP requests.
::https_default_port: Returns integer 443, the default port to use for HTTPS requests.
#ipaddr: Returns the IP address for the connection.
#ipaddr=: Sets the IP address for the connection.
:local_host: Returns the string local host used to establish the connection.
:local_host=: Sets the string local host used to establish the connection.
:local_port: Returns the integer local port used to establish the connection.
:local_port=: Sets the integer local port used to establish the connection.
:port: Returns the integer port number.
::version_1_2? (aliased as ::version_1_2): Returns true; retained for compatibility.
#set_debug_output: Sets the output stream for debugging.
Response class for Multi-Status (WebDAV) responses (status code 207).
The Multi-Status (WebDAV) response indicates that the server has received the request, and that the message body can contain a number of separate response codes.
Response class for Already Reported (WebDAV) responses (status code 208).
The Already Reported (WebDAV) response indicates that the server has received the request, and that the members of a DAV binding have already been enumerated in a preceding part of the (multi-status) response, and are not being included again.
Response class for Multiple Choices responses (status code 300).
The Multiple Choices response indicates that the server offers multiple options for the resource from which the client may choose.
Response class for Request Timeout responses (status code 408).
The server timed out waiting for the request.
Response class for Payload Too Large responses (status code 413).
The request is larger than the server is willing or able to process.
Response class for URI Too Long responses (status code 414).
The URI provided was too long for the server to process.
Response class for Range Not Satisfiable responses (status code 416).
The request entity has a media type which the server or resource does not support.
Response class for Not Implemented responses (status code 501).
The server either does not recognize the request method, or it lacks the ability to fulfil the request.
Response class for Gateway Timeout responses (status code 504).
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
OpenTimeout, a subclass of Timeout::Error, is raised if a connection cannot be created within the open_timeout.
ReadTimeout, a subclass of Timeout::Error, is raised if a chunk of the response cannot be read within the read_timeout.
Hash with completion search feature. See OptionParser::Completion.
Base class of exceptions from OptionParser.
Represents the use of the `&&=` operator for assignment to a class variable.
    @@target &&= value
    ^^^^^^^^^^^^^^^^^^
Represents the use of the `||=` operator for assignment to a class variable.
    @@target ||= value
    ^^^^^^^^^^^^^^^^^^
Represents assigning to a class variable using an operator that isn’t `=`.
    @@target += value
    ^^^^^^^^^^^^^^^^^
Represents the use of the `&&=` operator for assignment to a constant.
    Target &&= value
    ^^^^^^^^^^^^^^^^