reset_session should force a new session id to be generated [#2173]

actionpack/lib/action_controller/request.rb

@@ -442,6 +442,7 @@ EOM
     end
 
     def reset_session
+      @env['rack.session.options'].delete(:id)
       @env['rack.session'] = {}
     end
 

actionpack/test/activerecord/active_record_store_test.rb

@@ -21,8 +21,15 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
       render :text => "foo: #{session[:foo].inspect}"
     end
 
+    def get_session_id
+      session[:foo]
+      render :text => "#{request.session_options[:id]}"
+    end
+
     def call_reset_session
+      session[:bar]
       reset_session
+      session[:bar] = "baz"
       head :ok
     end
 
@@ -71,6 +78,7 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
       get '/set_session_value'
       assert_response :success
       assert cookies['_session_id']
+      session_id = cookies['_session_id']
 
       get '/call_reset_session'
       assert_response :success
@@ -79,6 +87,23 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
       get '/get_session_value'
       assert_response :success
       assert_equal 'foo: nil', response.body
+
+      get '/get_session_id'
+      assert_response :success
+      assert_not_equal session_id, response.body
+    end
+  end
+
+  def test_getting_session_id
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+      session_id = cookies['_session_id']
+
+      get '/get_session_id'
+      assert_response :success
+      assert_equal session_id, response.body
     end
   end
 

actionpack/test/controller/session/mem_cache_store_test.rb

@@ -17,11 +17,14 @@ class MemCacheStoreTest < ActionController::IntegrationTest
     end
 
     def get_session_id
-      render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+      session[:foo]
+      render :text => "#{request.session_options[:id]}"
     end
 
     def call_reset_session
+      session[:bar]
       reset_session
+      session[:bar] = "baz"
       head :ok
     end
 
@@ -58,6 +61,27 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       end
     end
 
+    def test_setting_session_value_after_session_reset
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+        session_id = cookies['_session_id']
+
+        get '/call_reset_session'
+        assert_response :success
+        assert_not_equal [], headers['Set-Cookie']
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body
+
+        get '/get_session_id'
+        assert_response :success
+        assert_not_equal session_id, response.body
+      end
+    end
+
     def test_getting_session_id
       with_test_route_set do
         get '/set_session_value'
@@ -67,7 +91,7 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 
         get '/get_session_id'
         assert_response :success
-        assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+        assert_equal session_id, response.body
       end
     end
 
@@ -85,22 +109,6 @@ class MemCacheStoreTest < ActionController::IntegrationTest
         assert_equal nil, cookies['_session_id']
       end
     end
-
-    def test_setting_session_value_after_session_reset
-      with_test_route_set do
-        get '/set_session_value'
-        assert_response :success
-        assert cookies['_session_id']
-
-        get '/call_reset_session'
-        assert_response :success
-        assert_not_equal [], headers['Set-Cookie']
-
-        get '/get_session_value'
-        assert_response :success
-        assert_equal 'foo: nil', response.body
-      end
-    end
   rescue LoadError, RuntimeError
     $stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again."
   end