Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Revert "fix the Flash middleware loading the session on every request…

… (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called"

This reverts commits e3069c6 and 2b2983d.

Reason: This add a non-backward compatible change in the way that flash
works now (swept in every request).
  • Loading branch information...
1 parent f7cde3e commit 3cba6eee66a4c25b93839ea6fd1da08d7780f2de @rafaelfranca rafaelfranca committed
1  actionpack/lib/action_controller/test_case.rb
@@ -460,6 +460,7 @@ def process(action, parameters = nil, session = nil, flash = nil, http_method =
@request.session = if session
@request.session["flash"] = @request.flash.update(flash || {})
+ @request.session["flash"].sweep
@controller.request = @request
build_request_uri(action, parameters)
9 actionpack/lib/action_dispatch/middleware/flash.rb
@@ -4,7 +4,7 @@ class Request
# read a notice you put there or <tt>flash["notice"] = "hello"</tt>
# to put a new one.
def flash
- @env[Flash::KEY] ||= (session["flash"] ||
+ @env[Flash::KEY] ||= (session["flash"] ||
@@ -235,6 +235,10 @@ def initialize(app)
def call(env)
+ if (session = env['rack.session']) && (flash = session['flash'])
+ flash.sweep
+ end
session = env['rack.session'] || {}
@@ -251,8 +255,7 @@ def call(env)
env[KEY] = new_hash
- if (!session.respond_to?(:loaded?) || session.loaded?) && # (reset_session uses {}, which doesn't implement #loaded?)
- session.key?('flash') && session['flash'].empty?
+ if session.key?('flash') && session['flash'].empty?
20 railties/test/application/middleware/session_test.rb
@@ -26,25 +26,5 @@ def app
require "#{app_path}/config/environment"
assert app.config.session_options[:secure], "Expected session to be marked as secure"
- test "session is not loaded if it's not used" do
- make_basic_app
- class ::OmgController < ActionController::Base
- def index
- if params[:flash]
- flash[:notice] = "notice"
- end
- render :nothing => true
- end
- end
- get "/?flash=true"
- get "/"
- assert last_request.env["HTTP_COOKIE"]
- assert !last_response.headers["Set-Cookie"]
- end

6 comments on commit 3cba6ee


But that behavior was itself a backwards-incompatible behavior regression in 3.1!


So it should be reverted in 3.1 too


What I mean is that this revert is putting it back to behavior that was itself a regression. It should never have been that way in the first place, it happened because of what was supposed to be refactoring (moving ActionController code to Rack middleware) accidentally changed the behavior.


Wich behaviour? The flash behaviour was always this, swept in every request


Not true, go test on older versions of rails. It was only swept if the flash object was loaded.

There was even test coverage that was supposed to prove that it didn't do that. Unfortunately the actioncontroller test harness code did not behave the same way as the Rack middleware, so the test was passing even though it didn't have the same behavior any more.


This is how it was working in 3.1 and 3.2.


We can't change a behavior in a stable release so it was reverted in 3.2 and should be reverted in 3.1. I didn't reverted on master exactly because this behaviour you proposed can be the right.

Please sign in to comment.
Something went wrong with that request. Please try again.