From bb8dc4e3c0eb189cdec34b95c5f5b272c2538734 Mon Sep 17 00:00:00 2001
From: Rich Collins <richcollins@gmail.com>
Date: Tue, 3 Jun 2008 17:55:50 -0700
Subject: [PATCH] The session_id is now stored in the CookieStore

---
 .../lib/action_controller/session/cookie_store.rb  |    8 ++++--
 .../test/controller/session/cookie_store_test.rb   |   23 +++++++++++--------
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index b477c1f..3b9b567 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -130,19 +130,21 @@ class CGI::Session::CookieStore
     # Marshal a session hash into safe cookie data. Include an integrity hash.
     def marshal(session)
       data = ActiveSupport::Base64.encode64(Marshal.dump(session)).chop
-      "#{data}--#{generate_digest(data)}"
+      "#{@session.session_id}--#{data}--#{generate_digest(data)}"
     end
 
     # Unmarshal cookie data to a hash and verify its integrity.
     def unmarshal(cookie)
       if cookie
-        data, digest = cookie.split('--')
-
+        session_id, data, digest = cookie.split('--')
+        
         # Do two checks to transparently support old double-escaped data.
         unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data))
           delete
           raise TamperedWithCookie
         end
+        
+        @session.instance_variable_set(:@session_id, session_id)
 
         Marshal.load(ActiveSupport::Base64.decode64(data))
       end
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 5adaeaf..8f64e8b 100755
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -31,6 +31,8 @@ class CGI
 end
 
 class CookieStoreTest < Test::Unit::TestCase
+  TEST_SESSION_ID = '2a741d3f640818b318790f70dd212a9d'
+  
   def self.default_session_options
     { 'database_manager' => CGI::Session::CookieStore,
       'session_key' => '_myapp_session',
@@ -40,11 +42,11 @@ class CookieStoreTest < Test::Unit::TestCase
   end
 
   def self.cookies
-    { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}],
-      :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }],
-      :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
-      :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }],
-      :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] }
+    { :empty => [TEST_SESSION_ID + '--BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}],
+      :a_one => [TEST_SESSION_ID + '--BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }],
+      :typical => [TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
+      :flashed => [TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }],
+      :double_escaped => [CGI.escape(TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] }
 
   end
 
@@ -90,6 +92,7 @@ class CookieStoreTest < Test::Unit::TestCase
       set_cookie! value
       new_session do |session|
         assert_nil session['lazy loads the data hash']
+        assert_equal TEST_SESSION_ID, session.session_id
         assert_equal expected, session.dbman.data
       end
     end
@@ -249,10 +252,10 @@ class CookieStoreWithMD5DigestTest < CookieStoreTest
   end
 
   def self.cookies
-    { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}],
-      :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }],
-      :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
-      :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }],
-      :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] }
+    { :empty => [TEST_SESSION_ID + '--BAgw--0415cc0be9579b14afc22ee2d341aa21', {}],
+      :a_one => [TEST_SESSION_ID + '--BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }],
+      :typical => [TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
+      :flashed => [TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }],
+      :double_escaped => [CGI.escape(TEST_SESSION_ID + '--BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] }
   end
 end
-- 
1.5.5.1


From d1c46c4895f4de5f2c53f581c2c8a62152224308 Mon Sep 17 00:00:00 2001
From: Rich Collins <richcollins@gmail.com>
Date: Tue, 3 Jun 2008 17:59:37 -0700
Subject: [PATCH] Fix whitespace warnings

---
 .../lib/action_controller/session/cookie_store.rb  |    4 ++--
 .../test/controller/session/cookie_store_test.rb   |    2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 3b9b567..38a861e 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -137,13 +137,13 @@ class CGI::Session::CookieStore
     def unmarshal(cookie)
       if cookie
         session_id, data, digest = cookie.split('--')
-        
+
         # Do two checks to transparently support old double-escaped data.
         unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data))
           delete
           raise TamperedWithCookie
         end
-        
+
         @session.instance_variable_set(:@session_id, session_id)
 
         Marshal.load(ActiveSupport::Base64.decode64(data))
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 8f64e8b..fb8a85e 100755
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -32,7 +32,7 @@ end
 
 class CookieStoreTest < Test::Unit::TestCase
   TEST_SESSION_ID = '2a741d3f640818b318790f70dd212a9d'
-  
+
   def self.default_session_options
     { 'database_manager' => CGI::Session::CookieStore,
       'session_key' => '_myapp_session',
-- 
1.5.5.1