Add 'digest' option

The option specifies the digest algorithm to hash the session id when
generating the filename for this session's FileStore file.  It is
defaulted to "MD5" because of backward compatibility for now.

Author: nobu

lib/cgi/session.rb

@@ -210,15 +210,19 @@ def create_new_id
     # suffix:: the prefix to add to the session id when generating
     #          the filename for this session's FileStore file.
     #          Defaults to the empty string.
+    # digest:: the digest algorithm to hash the session id when
+    #          generating the filename for this session's FileStore
+    #          file.  Defaults to "MD5".
     def new_store_file(option={}) # :nodoc:
       dir = option['tmpdir'] || Dir::tmpdir
       prefix = option['prefix']
       suffix = option['suffix']
-      require 'digest/md5'
-      md5 = Digest::MD5.hexdigest(session_id)[0,16]
+      algorithm = option['digest'] || 'MD5'
+      require 'digest'
+      digest = Digest(algorithm).hexdigest(session_id)[0,16]
       path = dir+"/"
       path << prefix if prefix
-      path << md5
+      path << digest
       path << suffix if suffix
       if File::exist? path
         hash = nil
@@ -410,6 +414,9 @@ class FileStore
       # suffix:: the prefix to add to the session id when generating
       #          the filename for this session's FileStore file.
       #          Defaults to the empty string.
+      # digest:: the digest algorithm to hash the session id when
+      #          generating the filename for this session's FileStore
+      #          file.  Defaults to "MD5".
       #
       # This session's FileStore file will be created if it does
       # not exist, or opened if it does.

test/cgi/test_cgi_session.rb

@@ -55,8 +55,8 @@ def test_cgi_session_filestore
     assert_equal(value1,session["key1"])
     assert_equal(value2,session["key2"])
     session.close
-
   end
+
   def test_cgi_session_pstore
     update_env(
       'REQUEST_METHOD'  => 'GET',
@@ -92,6 +92,7 @@ def test_cgi_session_pstore
     assert_equal(value2,session["key2"])
     session.close
   end if defined?(::PStore)
+
   def test_cgi_session_specify_session_id
     update_env(
       'REQUEST_METHOD'  => 'GET',
@@ -130,6 +131,7 @@ def test_cgi_session_specify_session_id
     assert_equal("foo",session.session_id)
     session.close
   end
+
   def test_cgi_session_specify_session_key
     update_env(
       'REQUEST_METHOD'  => 'GET',
@@ -166,4 +168,23 @@ def test_cgi_session_specify_session_key
     assert_equal(value2,session["key2"])
     session.close
   end
+
+  def test_cgi_session_filestore_digest
+    session_id = "banana"
+    path_md5 = session_file_store_path("tmpdir"=>@session_dir, "session_id"=>session_id)
+    assert_equal path_md5, session_file_store_path("tmpdir"=>@session_dir, "session_id"=>session_id)
+    path_sha512 = session_file_store_path("tmpdir"=>@session_dir, "session_id"=>session_id, "digest"=>"SHA512")
+    assert_not_equal path_sha512, path_md5
+  end
+
+  private
+
+  def session_file_store_path(options)
+    cgi = Object.new
+    session = CGI::Session.new(cgi, options)
+    session.delete
+    dbman = session.instance_variable_get(:@dbman)
+    assert_kind_of(CGI::Session::FileStore, dbman)
+    dbman.instance_variable_get(:@path)
+  end
 end