diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index 5a728d1..174d3e1 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -110,7 +110,7 @@ module ActionController cookie = build_cookie(@key, cookie.merge(options)) case headers[HTTP_SET_COOKIE] when Array - headers[HTTP_SET_COOKIE] << cookie + headers[HTTP_SET_COOKIE] = cookie when String headers[HTTP_SET_COOKIE] = [headers[HTTP_SET_COOKIE], cookie] when nil diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index 95d2eb1..da7ad9f 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -92,8 +92,8 @@ class CookieStoreTest < ActionController::IntegrationTest with_test_route_set do get '/set_session_value' assert_response :success - assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], - headers['Set-Cookie'] + assert_equal "_myapp_session=#{response.body}; path=/; httponly", + headers['Set-Cookie'] end end @@ -141,13 +141,41 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_uses_correct_session_cookie_after_reset_session + with_test_route_set do + old_session_key = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" + + cookies[SessionKey] = old_session_key + + get '/call_reset_session' + + assert_not_equal cookies[SessionKey], old_session_key + end + end + + def test_sets_correct_set_cookie_header_after_reset_session + with_test_route_set do + old_session_key = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" + + cookies[SessionKey] = old_session_key + + get '/call_reset_session' + + assert cookies[SessionKey], old_session_key + assert_equal "_myapp_session=#{cookies[SessionKey]}; path=/; httponly", + headers['Set-Cookie'] + end + end + def test_setting_session_value_after_session_reset with_test_route_set do get '/set_session_value' assert_response :success session_payload = response.body - assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], - headers['Set-Cookie'] + assert_equal "_myapp_session=#{response.body}; path=/; httponly", + headers['Set-Cookie'] get '/call_reset_session' assert_response :success @@ -191,7 +219,7 @@ class CookieStoreTest < ActionController::IntegrationTest assert_response :success cookie_body = response.body - assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly", headers['Set-Cookie'] # Second request does not access the session time = Time.local(2008, 4, 25) @@ -201,7 +229,8 @@ class CookieStoreTest < ActionController::IntegrationTest get '/no_session_access' assert_response :success - assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly", + headers['Set-Cookie'] end end