Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6424 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
parent
1f02271048
commit
bbcfb9b625
|
@ -1,5 +1,7 @@
|
|||
*SVN*
|
||||
|
||||
* Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. [Jeremy Kemper]
|
||||
|
||||
* Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 [Justin French]
|
||||
|
||||
* Cookie session store: raise ArgumentError when :session_key is blank. [Jeremy Kemper]
|
||||
|
|
|
@ -96,6 +96,7 @@ class CGI::Session::CookieStore
|
|||
# Delete the session data by setting an expired cookie with no data.
|
||||
def delete
|
||||
@data = nil
|
||||
clear_old_cookie_value
|
||||
write_cookie('value' => '', 'expires' => 1.year.ago)
|
||||
end
|
||||
|
||||
|
@ -134,4 +135,9 @@ class CGI::Session::CookieStore
|
|||
cookie = CGI::Cookie.new(@cookie_options.merge(options))
|
||||
@session.cgi.send :instance_variable_set, '@output_cookies', [cookie]
|
||||
end
|
||||
|
||||
# Clear cookie value so subsequent new_session doesn't reload old data.
|
||||
def clear_old_cookie_value
|
||||
@session.cgi.cookies[@cookie_options['name']].clear
|
||||
end
|
||||
end
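Review bot: The comment above `delete` should state the limit of what deletion means here: `delete` and the new `clear_old_cookie_value` drop the data for this request and send the browser an expired, empty cookie, but nothing visible in these hunks revokes a previously issued cookie value if a client presents it again. A line such as `# Note: this only expires the cookie on the client; an earlier cookie value is not revoked server-side.` would make that explicit for callers who use `delete` for logout. Separately, `clear_old_cookie_value` calls `.clear` on whatever `@session.cgi.cookies[@cookie_options['name']]` returns. If that lookup can return nil when the request carried no session cookie (not determinable from the hunk), `delete` would raise, and `old = @session.cgi.cookies[@cookie_options['name']]` followed by `old.clear if old` would cover it. The class body starts outside both hunks.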
|
||||
|
|
|
@ -135,6 +135,19 @@ class CookieStoreTest < Test::Unit::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
def test_new_session_doesnt_reuse_deleted_cookie_data
|
||||
set_cookie! cookie_value(:typical)
|
||||
|
||||
new_session do |session|
|
||||
assert_not_nil session['user_id']
|
||||
session.delete
|
||||
|
||||
# Start a new session using the same CGI instance.
|
||||
post_delete_session = CGI::Session.new(session.cgi, self.class.default_session_options)
|
||||
assert_nil post_delete_session['user_id']
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
def assert_no_cookies(session)
|
||||
assert_nil session.cgi.output_cookies, session.cgi.output_cookies.inspect
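Review bot: `test_new_session_doesnt_reuse_deleted_cookie_data` only exercises a request that arrived with a valid cookie (`set_cookie! cookie_value(:typical)`), so `session.delete` on a request with no session cookie is not covered. That is the path where clearing the request cookie value could meet a missing entry. A companion case along the lines of `new_session { |session| assert_nothing_raised { session.delete } }` without the preceding `set_cookie!` would pin it, assuming the `new_session` helper works without a cookie set. The new test also does not assert that the response carries the expired, empty cookie after `delete`. `assert_no_cookies` at the end of the hunk continues outside it.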
|
||||
|
|