From 435d7fd5711d5288d8a99a067846ebc602f9a079 Mon Sep 17 00:00:00 2001
From: Shin-ichiro OGAWA <rust.stnard+git@gmail.com>
Date: Tue, 25 May 2010 15:17:39 +0900
Subject: [PATCH 1/2] blank session_id is allowed

Signed-off-by: Shin-ichiro OGAWA <rust.stnard+git@gmail.com>
---
 .../test/activerecord/active_record_store_test.rb  |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb
index bde36eb..f0b3b3e 100644
--- a/actionpack/test/activerecord/active_record_store_test.rb
+++ b/actionpack/test/activerecord/active_record_store_test.rb
@@ -26,6 +26,11 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
       render :text => "#{request.session_options[:id]}"
     end
 
+    def get_session_id_and_value
+      session[:foo]
+      render :text => "#{session[:foo]}: #{request.session_options[:id]}:"
+    end
+
     def call_reset_session
       session[:foo]
       reset_session
@@ -107,6 +112,20 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_blank_session_id
+    with_test_route_set do
+      cookies['_session_id'] = ""
+      get '/set_session_value'
+      assert_response :success
+      assert_equal cookies['_session_id'], ""
+      session_id = cookies['_session_id']
+
+      get '/get_session_id_and_value'
+      assert_response :success
+      assert_equal "bar: :", response.body
+    end
+  end
+
   def test_prevents_session_fixation
     with_test_route_set do
       get '/set_session_value'
-- 
1.6.5