rails--rails/actionpack/test/dispatch/session/cache_store_test.rb

# frozen_string_literal: true

require "abstract_unit"
require "fixtures/session_autoload_test/session_autoload_test/foo"

class CacheStoreTest < ActionDispatch::IntegrationTest
  class TestController < ActionController::Base
    def no_session_access
      head :ok
    end

    def set_session_value
      session[:foo] = "bar"
      head :ok
    end

    def set_serialized_session_value
      session[:foo] = SessionAutoloadTest::Foo.new
      head :ok
    end

    def get_session_value
      render plain: "foo: #{session[:foo].inspect}"
    end

    def get_session_id
      render plain: "#{request.session.id.public_id}"
    end

    def call_reset_session
      session[:bar]
      reset_session
      session[:bar] = "baz"
      head :ok
    end
  end

  def test_setting_and_getting_session_value
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]

      get "/get_session_value"
      assert_response :success
      assert_equal 'foo: "bar"', response.body
    end
  end

  def test_getting_nil_session_value
    with_test_route_set do
      get "/get_session_value"
      assert_response :success
      assert_equal "foo: nil", response.body
    end
  end

  def test_getting_session_value_after_session_reset
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]
      session_cookie = cookies.send(:hash_for)["_session_id"]

      get "/call_reset_session"
      assert_response :success
      assert_not_equal [], headers["Set-Cookie"]

      cookies << session_cookie # replace our new session_id with our old, pre-reset session_id

      get "/get_session_value"
      assert_response :success
      assert_equal "foo: nil", response.body, "data for this session should have been obliterated from cache"
    end
  end

  def test_getting_from_nonexistent_session
    with_test_route_set do
      get "/get_session_value"
      assert_response :success
      assert_equal "foo: nil", response.body
      assert_nil cookies["_session_id"], "should only create session on write, not read"
    end
  end

  def test_setting_session_value_after_session_reset
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]
      session_id = cookies["_session_id"]

      get "/call_reset_session"
      assert_response :success
      assert_not_equal [], headers["Set-Cookie"]

      get "/get_session_value"
      assert_response :success
      assert_equal "foo: nil", response.body

      get "/get_session_id"
      assert_response :success
      assert_not_equal session_id, response.body
    end
  end

  def test_getting_session_id
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]
      session_id = cookies["_session_id"]

      get "/get_session_id"
      assert_response :success
      assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
    end
  end

  def test_deserializes_unloaded_class
    with_test_route_set do
      with_autoload_path "session_autoload_test" do
        get "/set_serialized_session_value"
        assert_response :success
        assert cookies["_session_id"]
      end
      with_autoload_path "session_autoload_test" do
        get "/get_session_id"
        assert_response :success
      end
      with_autoload_path "session_autoload_test" do
        get "/get_session_value"
        assert_response :success
        assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"
      end
    end
  end

  def test_doesnt_write_session_cookie_if_session_id_is_already_exists
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]

      get "/get_session_value"
      assert_response :success
      assert_nil headers["Set-Cookie"], "should not resend the cookie again if session_id cookie is already exists"
    end
  end

  def test_prevents_session_fixation
    with_test_route_set do
      sid = Rack::Session::SessionId.new("0xhax")
      assert_nil @cache.read("_session_id:#{sid.private_id}")

      cookies["_session_id"] = sid.public_id
      get "/set_session_value"

      assert_response :success
      assert_not_equal sid.public_id, cookies["_session_id"]
      assert_nil @cache.read("_session_id:#{sid.private_id}")
      assert_equal(
        { "foo" => "bar" },
        @cache.read("_session_id:#{Rack::Session::SessionId.new(cookies['_session_id']).private_id}")
      )
    end
  end

  def test_can_read_session_with_legacy_id
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]

      sid = Rack::Session::SessionId.new(cookies["_session_id"])
      session = @cache.read("_session_id:#{sid.private_id}")
      @cache.delete("_session_id:#{sid.private_id}")
      @cache.write("_session_id:#{sid.public_id}", session)

      get "/get_session_value"
      assert_response :success
      assert_equal 'foo: "bar"', response.body
    end
  end

  def test_drop_session_in_the_legacy_id_as_well
    with_test_route_set do
      get "/set_session_value"
      assert_response :success
      assert cookies["_session_id"]

      sid = Rack::Session::SessionId.new(cookies["_session_id"])
      session = @cache.read("_session_id:#{sid.private_id}")
      @cache.delete("_session_id:#{sid.private_id}")
      @cache.write("_session_id:#{sid.public_id}", session)

      get "/call_reset_session"
      assert_response :success
      assert_not_equal [], headers["Set-Cookie"]

      assert_nil @cache.read("_session_id:#{sid.private_id}")
      assert_nil @cache.read("_session_id:#{sid.public_id}")
    end
  end

  private
    def with_test_route_set
      with_routing do |set|
        set.draw do
          ActiveSupport::Deprecation.silence do
            get ":action", to: ::CacheStoreTest::TestController
          end
        end

        @app = self.class.build_app(set) do |middleware|
          @cache = ActiveSupport::Cache::MemoryStore.new
          middleware.use ActionDispatch::Session::CacheStore, key: "_session_id", cache: @cache
          middleware.delete ActionDispatch::ShowExceptions
        end

        yield
      end
    end
end
Use frozen string literal in actionpack/ 2017-07-24 16:20:53 -04:00			`# frozen_string_literal: true`

applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`require "abstract_unit"`
			`require "fixtures/session_autoload_test/session_autoload_test/foo"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
			`class CacheStoreTest < ActionDispatch::IntegrationTest`
			`class TestController < ActionController::Base`
			`def no_session_access`
			`head :ok`
			`end`

			`def set_session_value`
			`session[:foo] = "bar"`
			`head :ok`
			`end`

			`def set_serialized_session_value`
			`session[:foo] = SessionAutoloadTest::Foo.new`
			`head :ok`
			`end`

			`def get_session_value`
Stop using deprecated `render :text` in test This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`. 2015-07-17 21:48:00 -04:00			`render plain: "foo: #{session[:foo].inspect}"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`

			`def get_session_id`
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`render plain: "#{request.session.id.public_id}"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`

			`def call_reset_session`
			`session[:bar]`
			`reset_session`
			`session[:bar] = "baz"`
			`head :ok`
			`end`
			`end`

			`def test_setting_and_getting_session_value`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
			`assert_equal 'foo: "bar"', response.body`
			`end`
			`end`

			`def test_getting_nil_session_value`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_equal "foo: nil", response.body`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`end`

			`def test_getting_session_value_after_session_reset`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
			`session_cookie = cookies.send(:hash_for)["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/call_reset_session"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_not_equal [], headers["Set-Cookie"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
			`cookies << session_cookie # replace our new session_id with our old, pre-reset session_id`

applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_equal "foo: nil", response.body, "data for this session should have been obliterated from cache"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`end`

			`def test_getting_from_nonexistent_session`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_equal "foo: nil", response.body`
			`assert_nil cookies["_session_id"], "should only create session on write, not read"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`end`

			`def test_setting_session_value_after_session_reset`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
			`session_id = cookies["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/call_reset_session"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_not_equal [], headers["Set-Cookie"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert_equal "foo: nil", response.body`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_id"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
			`assert_not_equal session_id, response.body`
			`end`
			`end`

			`def test_getting_session_id`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
			`session_id = cookies["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_id"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
			`assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"`
			`end`
			`end`

			`def test_deserializes_unloaded_class`
			`with_test_route_set do`
			`with_autoload_path "session_autoload_test" do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_serialized_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`with_autoload_path "session_autoload_test" do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_id"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
			`end`
			`with_autoload_path "session_autoload_test" do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
			`assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"`
			`end`
			`end`
			`end`

			`def test_doesnt_write_session_cookie_if_session_id_is_already_exists`
			`with_test_route_set do`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`assert cookies["_session_id"]`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/get_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`assert_response :success`
"Use assert_nil if expecting nil. This will fail in minitest 6." 2016-12-24 12:29:52 -05:00			`assert_nil headers["Set-Cookie"], "should not resend the cookie again if session_id cookie is already exists"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`end`

			`def test_prevents_session_fixation`
			`with_test_route_set do`
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`sid = Rack::Session::SessionId.new("0xhax")`
			`assert_nil @cache.read("_session_id:#{sid.private_id}")`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`cookies["_session_id"] = sid.public_id`
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. 2016-08-06 12:54:50 -04:00			`get "/set_session_value"`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00
			`assert_response :success`
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`assert_not_equal sid.public_id, cookies["_session_id"]`
			`assert_nil @cache.read("_session_id:#{sid.private_id}")`
			`assert_equal(`
			`{ "foo" => "bar" },`
			`@cache.read("_session_id:#{Rack::Session::SessionId.new(cookies['_session_id']).private_id}")`
			`)`
			`end`
			`end`

			`def test_can_read_session_with_legacy_id`
			`with_test_route_set do`
			`get "/set_session_value"`
			`assert_response :success`
			`assert cookies["_session_id"]`

Fix cop violations 2019-12-18 15:07:44 -05:00			`sid = Rack::Session::SessionId.new(cookies["_session_id"])`
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`session = @cache.read("_session_id:#{sid.private_id}")`
			`@cache.delete("_session_id:#{sid.private_id}")`
			`@cache.write("_session_id:#{sid.public_id}", session)`

			`get "/get_session_value"`
			`assert_response :success`
			`assert_equal 'foo: "bar"', response.body`
			`end`
			`end`

			`def test_drop_session_in_the_legacy_id_as_well`
			`with_test_route_set do`
			`get "/set_session_value"`
			`assert_response :success`
			`assert cookies["_session_id"]`

Fix cop violations 2019-12-18 15:07:44 -05:00			`sid = Rack::Session::SessionId.new(cookies["_session_id"])`
Fix possible information leak / session hijacking vulnerability. The `ActionDispatch::Session::MemcacheStore` is still vulnerable given it requires the gem dalli to be updated as well. CVE-2019-16782 2019-12-17 16:44:59 -05:00			`session = @cache.read("_session_id:#{sid.private_id}")`
			`@cache.delete("_session_id:#{sid.private_id}")`
			`@cache.write("_session_id:#{sid.public_id}", session)`

			`get "/call_reset_session"`
			`assert_response :success`
			`assert_not_equal [], headers["Set-Cookie"]`

			`assert_nil @cache.read("_session_id:#{sid.private_id}")`
			`assert_nil @cache.read("_session_id:#{sid.public_id}")`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`
			`end`

			`private`
			`def with_test_route_set`
			`with_routing do \|set\|`
			`set.draw do`
Deprecate :controller and :action path parameters Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values. 2016-03-01 03:48:53 -05:00			`ActiveSupport::Deprecation.silence do`
modernizes hash syntax in actionpack 2016-08-06 13:35:13 -04:00			`get ":action", to: ::CacheStoreTest::TestController`
Deprecate :controller and :action path parameters Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values. 2016-03-01 03:48:53 -05:00			`end`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`

			`@app = self.class.build_app(set) do \|middleware\|`
Regenerate sid when sbdy tries to fixate the session Fixed broken test. Thanks Stephen Richards for reporting. 2014-07-09 20:49:37 -04:00			`@cache = ActiveSupport::Cache::MemoryStore.new`
modernizes hash syntax in actionpack 2016-08-06 13:35:13 -04:00			`middleware.use ActionDispatch::Session::CacheStore, key: "_session_id", cache: @cache`
finish deprecating handling strings and symbols since we only work with instances of classes, it greatly simplifies the `Middleware` implementation. 2015-08-07 18:35:39 -04:00			`middleware.delete ActionDispatch::ShowExceptions`
Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. 2011-10-21 14:13:29 -04:00			`end`

			`yield`
			`end`
			`end`
			`end`