From 9f45bc8d04f96f82af31c906d081a6912eb5f617 Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist <s@sikachu.com>
Date: Fri, 25 Jun 2010 02:42:08 +0700
Subject: [PATCH] Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved]

This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.
---
 .../middleware/session/abstract_store.rb           |    4 +++-
 .../test/activerecord/active_record_store_test.rb  |   12 ++++++++++++
 .../test/dispatch/session/mem_cache_store_test.rb  |   12 ++++++++++++
 3 files changed, 27 insertions(+), 1 deletions(-)

diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 2dff139..fcc2287 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -196,7 +196,9 @@ module ActionDispatch
         end
 
         def set_cookie(request, options)
-          request.cookie_jar[@key] = options
+          if request.cookie_jar[@key] != options[:value] || !options[:expires].nil?
+            request.cookie_jar[@key] = options
+          end
         end
 
         def load_session(env)
diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb
index 736829d..bdd1a0a 100644
--- a/actionpack/test/activerecord/active_record_store_test.rb
+++ b/actionpack/test/activerecord/active_record_store_test.rb
@@ -136,6 +136,18 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      assert cookies['_session_id']
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+    end
+  end
+
   def test_prevents_session_fixation
     with_test_route_set do
       get '/set_session_value'
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 08f8069..d388992 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -117,6 +117,18 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       end
     end
 
+    def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+      end
+    end
+
     def test_prevents_session_fixation
       with_test_route_set do
         get '/get_session_value'
-- 
1.7.0.4