This project is archived and is in readonly mode.

#5328 ✓stale
Yar Dmitriev

A dysfunctional session cookie is created in integration tests when any other cookie is created in the same request

Reported by Yar Dmitriev | August 7th, 2010 @ 02:19 PM

This applies to 2.3.8 and also the current 2-3-stable branch.

Look into actionpack/lib/action_controller/session/abstract_store.rb, around line 204:

unless headers[SET_COOKIE].blank?

headers[SET_COOKIE] << "\n#{cookie}"


headers[SET_COOKIE] = cookie


The \n causes a dysfunctional session cookie to be created during integration tests every time when any other cookie is written (i.e. when the array headers[SET_COOKIE] is not empty).

This can cause sessions to be broken in integration tests.

The problem does not affect production use, probably because \n is interpreted differently by the browsers.

Such behavior was introduced with the commit 524d8edf68ab94315a128cbd7570d1cf4faf7d7a by Joshua Peek in Feb 08 2009, titled "Update bundled Rack for Ruby 1.9 spec changes".

How to reproduce:

in pages_controller.rb:

def test

logger.debug "REQUEST: cookies: #{cookies.inspect}"
cookies[:foo] = "bar"


in session_test.rb:

require 'test_helper'

class SessionCookieTest < ActionController::IntegrationTest

def test_login_and_browse_site

get "/pages/test"
get "/pages/test"

end end

Run it and observe the following inside test.log:

REQUEST: cookies: {}
REQUEST: cookies: {"\n_session_id"=>"66f367a068d1b76e4c5316186c8c6036", "foo"=>"bar"}

This is, my friend, a broken session.

Comments and changes to this ticket

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 05:00 PM

    • State changed from “new” to “open”

    This issue has been automatically marked as stale because it has not been commented on for at least three months.

    The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

    Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.

  • Santiago Pastorino

    Santiago Pastorino February 2nd, 2011 @ 05:00 PM

    • State changed from “open” to “stale”
  • Yar Dmitriev

    Yar Dmitriev February 24th, 2011 @ 03:40 PM

    3-0-stable does not have this problem.

    (But 2-3-stable, I believe, still does.)

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

People watching this ticket