Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix bug: the TransientSession overwrite carried over into alternate c…

…all stacks.

Details:
* TransientSession used to overwrite the 'rack.session' of a given
  environment settings without duplicating the env.
* Bug example:
  ChainedRouter is inserted in a Rails application, and has two paths A and B.
  TransientSession is middleware in path A, but path A eventually
  returns an X-Cascade of pass.
  So path B is called with the session values set by path A.
  The end Rails app also has the corrupted session values instead of the
  original cookie sessions.
* Fix is to duplicate the environment before setting the 'rack.session' key.
  • Loading branch information...
commit 0d7a383c62616058b82a19a3ccce922cb092eaff 1 parent 61b1a87
@byu authored
View
5 lib/junkfood/rack/sessions.rb
@@ -52,8 +52,9 @@ def initialize(app)
# @return a Rack response from the application.
#
def call(env)
- env['rack.session'] = {}
- @app.call(env)
+ new_env = env.dup
+ new_env['rack.session'] = {}
+ @app.call(new_env)
end
end
end
View
7 spec/junkfood/rack/sessions_spec.rb
@@ -4,6 +4,9 @@
describe 'TransientSession' do
it 'should set the rack.session env parameter with an empty hash' do
+ original_env = {
+ 'rack.session' => { 'hello' => 'world' }
+ }
# We manually create a rack application with the TransientSession
# acting as the only middleware. The application itself is a
# proc object that just checks that the passed rack environment
@@ -14,7 +17,9 @@
env.should eql 'rack.session' => {}
[200, {}, []]
}
- app.call({})
+ app.call(original_env)
+
+ original_env['rack.session'].should eql({'hello' => 'world'})
end
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.