diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 6b611823d0..fd23b1df79 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -194,9 +194,12 @@ module ActionDispatch
       @env['rack.input']
     end
 
+    # TODO This should be broken apart into AD::Request::Session and probably
+    # be included by the session middleware.
     def reset_session
       session.destroy if session
       self.session = {}
+      @env['action_dispatch.request.flash_hash'] = nil
     end
 
     def session=(session) #:nodoc:
diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb
index 18771fe782..bfa30cf5af 100644
--- a/actionpack/lib/action_dispatch/middleware/flash.rb
+++ b/actionpack/lib/action_dispatch/middleware/flash.rb
@@ -4,7 +4,7 @@ module ActionDispatch
     # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
     # to put a new one.
     def flash
-      session['flash'] ||= Flash::FlashHash.new
+      @env['action_dispatch.request.flash_hash'] ||= (session["flash"] || Flash::FlashHash.new)
     end
   end
 
@@ -176,7 +176,14 @@ module ActionDispatch
 
       @app.call(env)
     ensure
-      if (session = env['rack.session']) && session.key?('flash') && session['flash'].empty?
+      session    = env['rack.session'] || {}
+      flash_hash = env['action_dispatch.request.flash_hash']
+
+      if flash_hash && (!flash_hash.empty? || session.key?('flash'))
+        session["flash"] = flash_hash
+      end
+
+      if session.key?('flash') && session['flash'].empty?
         session.delete('flash')
       end
     end
diff --git a/actionpack/test/controller/flash_test.rb b/actionpack/test/controller/flash_test.rb
index 5c636cbab8..4be09f8c83 100644
--- a/actionpack/test/controller/flash_test.rb
+++ b/actionpack/test/controller/flash_test.rb
@@ -236,6 +236,15 @@ class FlashIntegrationTest < ActionController::IntegrationTest
     end
   end
 
+  def test_just_using_flash_does_not_stream_a_cookie_back
+    with_test_route_set do
+      get '/use_flash'
+      assert_response :success
+      assert_nil @response.headers["Set-Cookie"]
+      assert_equal "flash: ", @response.body
+    end
+  end
+
   private
 
     # Overwrite get to send SessionSecret in env hash
@@ -247,10 +256,15 @@ class FlashIntegrationTest < ActionController::IntegrationTest
     def with_test_route_set
       with_routing do |set|
         set.draw do |map|
-          match ':action', :to => ActionDispatch::Session::CookieStore.new(
-            FlashIntegrationTest::TestController, :key => FlashIntegrationTest::SessionKey, :secret => FlashIntegrationTest::SessionSecret
-          )
+          match ':action', :to => FlashIntegrationTest::TestController
         end
+
+        @app = self.class.build_app(set) do |middleware|
+          middleware.use ActionDispatch::Session::CookieStore, :key => SessionKey
+          middleware.use ActionDispatch::Flash
+          middleware.delete "ActionDispatch::ShowExceptions"
+        end
+
         yield
       end
     end