From 5eb27feff987d9a96df0f49ff034b59f63155b6f Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Thu, 12 Feb 2009 23:54:15 -0500 Subject: [PATCH] Set-Cookie header should always be a string, never an array (Mongrel doesn't know how to parse an array) --- .../lib/action_controller/session/cookie_store.rb | 10 +---- .../test/controller/session/cookie_store_test.rb | 41 +++++++++++++++++--- 2 files changed, 36 insertions(+), 15 deletions(-) diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index 5a728d1..0322814 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -107,15 +107,7 @@ module ActionController cookie[:expires] = Time.now + options[:expire_after] end - cookie = build_cookie(@key, cookie.merge(options)) - case headers[HTTP_SET_COOKIE] - when Array - headers[HTTP_SET_COOKIE] << cookie - when String - headers[HTTP_SET_COOKIE] = [headers[HTTP_SET_COOKIE], cookie] - when nil - headers[HTTP_SET_COOKIE] = cookie - end + headers[HTTP_SET_COOKIE] = build_cookie(@key, cookie.merge(options)) end [status, headers, body] diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index 95d2eb1..da7ad9f 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -92,8 +92,8 @@ class CookieStoreTest < ActionController::IntegrationTest with_test_route_set do get '/set_session_value' assert_response :success - assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], - headers['Set-Cookie'] + assert_equal "_myapp_session=#{response.body}; path=/; httponly", + headers['Set-Cookie'] end end @@ -141,13 +141,41 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_uses_correct_session_cookie_after_reset_session + with_test_route_set do + old_session_key = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" + + cookies[SessionKey] = old_session_key + + get '/call_reset_session' + + assert_not_equal cookies[SessionKey], old_session_key + end + end + + def test_sets_correct_set_cookie_header_after_reset_session + with_test_route_set do + old_session_key = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" + + cookies[SessionKey] = old_session_key + + get '/call_reset_session' + + assert cookies[SessionKey], old_session_key + assert_equal "_myapp_session=#{cookies[SessionKey]}; path=/; httponly", + headers['Set-Cookie'] + end + end + def test_setting_session_value_after_session_reset with_test_route_set do get '/set_session_value' assert_response :success session_payload = response.body - assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], - headers['Set-Cookie'] + assert_equal "_myapp_session=#{response.body}; path=/; httponly", + headers['Set-Cookie'] get '/call_reset_session' assert_response :success @@ -191,7 +219,7 @@ class CookieStoreTest < ActionController::IntegrationTest assert_response :success cookie_body = response.body - assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly", headers['Set-Cookie'] # Second request does not access the session time = Time.local(2008, 4, 25) @@ -201,7 +229,8 @@ class CookieStoreTest < ActionController::IntegrationTest get '/no_session_access' assert_response :success - assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly", + headers['Set-Cookie'] end end -- 1.6.0.4