Skip to content

reset_session doesn't change session_id #35587

New issue
New issue
Closed
Closed
reset_session doesn't change session_id#35587
@enewbury

Description

@enewbury
enewbury
opened on Mar 12, 2019

Steps to reproduce

Setup session to use cache_store.
Create two controller endpoints, get_session, and reset_session
The get_session simply returns the data in the session(which instantiates the session)
The reset_session calls "reset_session" and then returns the session.

Expected behavior

Expect to see the session_id in the cookie change after reset_session is called

Actual behavior

The same session_id is returned after calling reset_session.

System configuration

5.2.2

Ruby version:
2.6.1

Research

The destroy method of the ActionDispatch::Request::Session should work similarly to the Rack::SessionHash by reseting the cached 'id' to what is returned from the SessionStore "delete_session" method.

    def destroy
        clear
        options = self.options || {}
        id = @by.send(:delete_session, @req, options.id(@req), options)
        options[:id] = id if id.present?
        # Load the new sid to be written with the response.
        @loaded = false
        load_for_write!
    end

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions