Using signed_id for finding and setting session record (rails#52504)

uxxman · web-flow · commit 1aa85fd89966 · 2024-08-09T08:56:19.000-07:00
diff --git a/railties/lib/rails/generators/rails/authentication/authentication_generator.rb b/railties/lib/rails/generators/rails/authentication/authentication_generator.rb
@@ -47,7 +47,7 @@ def enable_bcrypt
 
       def add_migrations
         generate "migration CreateUsers email_address:string!:uniq password_digest:string! --force"
-        generate "migration CreateSessions user:references token:token! ip_address:string user_agent:string --force"
+        generate "migration CreateSessions user:references ip_address:string user_agent:string --force"
       end
     end
   end
diff --git a/railties/lib/rails/generators/rails/authentication/templates/controllers/concerns/authentication.rb b/railties/lib/rails/generators/rails/authentication/templates/controllers/concerns/authentication.rb
@@ -30,7 +30,7 @@ def resume_session
 
     def find_session_by_cookie
       if token = cookies.signed[:session_token]
-        Session.find_by(token: token)
+        Session.find_signed(token)
       end
     end
 
@@ -53,7 +53,7 @@ def start_new_session_for(user)
 
     def set_current_session(session)
       Current.session = session
-      cookies.signed.permanent[:session_token] = { value: session.token, httponly: true, same_site: :lax }
+      cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax }
     end
 
     def terminate_session
diff --git a/railties/lib/rails/generators/rails/authentication/templates/models/session.rb b/railties/lib/rails/generators/rails/authentication/templates/models/session.rb
@@ -1,4 +1,3 @@
 class Session < ApplicationRecord
-  has_secure_token
   belongs_to :user
 end
