Properly reset the session on reset_session #7495
My guess is that it's a bug in the test framework. Can you try generating an app and testing with real requests and responses? I'll bet that the id does get reset IRL, but that the test framework is reusing objects or something. I know for a fact the test framework is reusing requests and response objects, and that may impact this test.
Word. I'll see if I can give that a shot after eating this delicious soup! ... of course, this is something you ALREADY TOLD ME on Campfire... duh. I got too lost in backtraces. :)
@steveklabnik I have included two more changesets related to this fix (https://github.com/alup/rails/commits/). Feel free to pull them. I have also rebased and tested the latest master, but I got the same test failure. I haven't yet investigated the test, but I have tested the changes in a real app (@tenderlove) and the reset works fine. The session id is now regenerated and assigned correctly.
Update: Now with the latest commit alup@b22fe1d all the tests are passing :)
Use load_for_write! to ensure a refresh of the session object. This way the new session_id and the empty data will be stored properly. E.g. in the case of the session cookie store this means that a new digest will be returned to the user.
Awesome! I've added them into this PR. Seems legit to me. @tenderlove?
Seems good to me. Do the tests pass?
All tests of
Yep, they all pass for me.
Except for the MemCacheStore tests which are skipped :S due to the lack of
Ok, managed to test against memcached, too. All tests are passing for actionpack.
Properly reset the session on reset_session
Just found this issue, as I was noticing some odd session behavior with 3.2.8 this evening.
@burns Better look at the
Yes, it's not a trivial backport for sure.
Would this be an acceptable solution to index a05a23d..721d67a 100644
--- a/actionpack/lib/action_dispatch/request/session.rb
+++ b/actionpack/lib/action_dispatch/request/session.rb
@@ -80,6 +80,8 @@ module ActionDispatch
def [](key)
load_for_read!
+ load_for_write! if key.to_s == 'session_id'
@delegate[key.to_s]
end So, if I don't think this can simply be pulled from Anyway, this would still prevent a session load for other keys when there is no active session. Of course, this should |
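Review bot: in `[]`, the added `load_for_write! if key.to_s == 'session_id'` gives a read accessor a write-side effect for one hard-coded key, and it runs after `load_for_read!` has already been called, so a `session_id` read performs both loads. Please add a comment saying why this key needs the write path, compute `key.to_s` once instead of twice, and include a test that reads `session_id` with no active session so the intended behaviour is pinned down.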
Fixes #7478
Well, it would if it were actually finished. There is one test failure:
I am not sure why #destroy does not reset the session. It claims to, and following the trail of code, looks like it does. But it doesn't. Anybody have any ideas?
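The behaviour the commit message in this thread describes ("Use load_for_write! to ensure a refresh of the session object"), as an added example that is not Rails code and not part of this pull request. It is a simplified model of a lazily loaded, cookie-backed session; `ToySession`, `SAMPLE_COOKIE` and `cookie_after_reset` are names constructed here, and the assumption is that a session is only sent back to the client when it was loaded for write.

```ruby
require 'securerandom'

# Simplified model of a lazily loaded, cookie-backed session (assumption:
# only a session that was loaded for write is serialized back to the client).
class ToySession
  def initialize(cookie, refresh_on_destroy:)
    @cookie = cookie                          # what the client sent, or nil
    @refresh_on_destroy = refresh_on_destroy  # false models the pre-fix behaviour
    @data = nil                               # nothing loaded yet
    @write = false
  end

  def [](key)
    load_for_read!
    @data[key.to_s]
  end

  def destroy
    @data = { 'session_id' => SecureRandom.hex(16) } # fresh id, empty data
    load_for_write! if @refresh_on_destroy           # the step the commit adds
  end

  # End of request: the cookie to send back, or nil when nothing is re-sent.
  def commit
    @write ? @data.dup : nil
  end

  private

  def load_for_read!
    @data ||= (@cookie || { 'session_id' => SecureRandom.hex(16) }).dup
  end

  def load_for_write!
    load_for_read!
    @write = true
  end
end

# Constructed sample cookie contents, not taken from the page.
SAMPLE_COOKIE = { 'session_id' => 'a' * 32, 'user_id' => 42 }.freeze

# One request that resets the session; returns the cookie the client holds afterwards.
def cookie_after_reset(old_cookie, refresh_on_destroy:)
  session = ToySession.new(old_cookie, refresh_on_destroy: refresh_on_destroy)
  session.destroy
  session.commit || old_cookie # nothing re-sent means the old cookie stays in use
end
```

In the `refresh_on_destroy: false` case the in-memory session has a new id, but the client still holds the old id and old data, which is the gap a session-fixation defence relies on `reset_session` to close.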