Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed reset_session for ActiveRecord session store [#2108 state:resol…

…ved]
  • Loading branch information...
commit 9b1b88f09cf1498f04e1cd469d0d5ffccf2b93cc 1 parent 4d4d2c3
Joshua Peek josh authored
21 actionpack/test/activerecord/active_record_store_test.rb
View
@@ -21,6 +21,11 @@ def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
+ def call_reset_session
+ reset_session
+ head :ok
+ end
+
def rescue_action(e) raise end
end
@@ -61,6 +66,22 @@ def test_getting_nil_session_value
end
end
+ def test_setting_session_value_after_session_reset
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+
+ get '/call_reset_session'
+ assert_response :success
+ assert_not_equal [], headers['Set-Cookie']
+
+ get '/get_session_value'
+ assert_response :success
+ assert_equal 'foo: nil', response.body
+ end
+ end
+
def test_prevents_session_fixation
with_test_route_set do
get '/set_session_value'
10 activerecord/lib/active_record/session_store.rb
View
@@ -287,8 +287,7 @@ def destroy
def get_session(env, sid)
Base.silence do
sid ||= generate_sid
- session = @@session_class.find_by_session_id(sid)
- session ||= @@session_class.new(:session_id => sid, :data => {})
+ session = find_session(sid)
env[SESSION_RECORD_KEY] = session
[sid, session.data]
end
@@ -296,7 +295,7 @@ def get_session(env, sid)
def set_session(env, sid, session_data)
Base.silence do
- record = env[SESSION_RECORD_KEY]
+ record = env[SESSION_RECORD_KEY] ||= find_session(sid)
record.data = session_data
return false unless record.save
@@ -310,5 +309,10 @@ def set_session(env, sid, session_data)
return true
end
+
+ def find_session(id)
+ @@session_class.find_by_session_id(id) ||
+ @@session_class.new(:session_id => id, :data => {})
+ end
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.