Make sure that Rails doesn't resent session_id cookie over and over a…

…gain if it's already there [#2485 state:resolved]

This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim <jose.valim@gmail.com>

actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -196,7 +196,9 @@ def generate_sid
         end
 
         def set_cookie(request, options)
-          request.cookie_jar[@key] = options
+          if request.cookie_jar[@key] != options[:value] || !options[:expires].nil?
+            request.cookie_jar[@key] = options
+          end
         end
 
         def load_session(env)

actionpack/test/activerecord/active_record_store_test.rb

@@ -136,6 +136,18 @@ def test_getting_session_id
     end
   end
 
+  def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+    end
+  end
+
   def test_prevents_session_fixation
     with_test_route_set do
       get '/set_session_value'

actionpack/test/dispatch/session/mem_cache_store_test.rb

@@ -117,6 +117,18 @@ def test_getting_session_id
       end
     end
 
+    def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+      end
+    end
+
     def test_prevents_session_fixation
       with_test_route_set do
         get '/get_session_value'