Revert "fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called"

This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa.

Reason: This add a non-backward compatible change in the way that flash
works now (swept in every request).

3 files changed, 7 insertions, 23 deletions

diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index 67c55a7f40..05e3cd40b5 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -460,6 +460,7 @@ module ActionController
 
         @request.session = ActionController::TestSession.new(session) if session
         @request.session["flash"] = @request.flash.update(flash || {})
+        @request.session["flash"].sweep
 
         @controller.request = @request
         build_request_uri(action, parameters)
diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb
index 6f97c06b6b..bc5b163931 100644
--- a/actionpack/lib/action_dispatch/middleware/flash.rb
+++ b/actionpack/lib/action_dispatch/middleware/flash.rb
@@ -4,7 +4,7 @@ module ActionDispatch
     # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
     # to put a new one.
     def flash
-      @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new).tap(&:sweep)
+      @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new)
     end
   end
 
@@ -235,6 +235,10 @@ module ActionDispatch
     end
 
     def call(env)
+      if (session = env['rack.session']) && (flash = session['flash'])
+        flash.sweep
+      end
+
       @app.call(env)
     ensure
       session    = env['rack.session'] || {}
@@ -251,8 +255,7 @@ module ActionDispatch
         env[KEY] = new_hash
       end
 
-      if (!session.respond_to?(:loaded?) || session.loaded?) && # (reset_session uses {}, which doesn't implement #loaded?)
-         session.key?('flash') && session['flash'].empty?
+      if session.key?('flash') && session['flash'].empty?
         session.delete('flash')
       end
     end
diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index aee2417abc..9f39e18a74 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -26,25 +26,5 @@ module ApplicationTests
       require "#{app_path}/config/environment"
       assert app.config.session_options[:secure], "Expected session to be marked as secure"
     end
-
-    test "session is not loaded if it's not used" do
-      make_basic_app
-
-      class ::OmgController < ActionController::Base
-        def index
-          if params[:flash]
-            flash[:notice] = "notice"
-          end
-
-          render :nothing => true
-        end
-      end
-
-      get "/?flash=true"
-      get "/"
-
-      assert last_request.env["HTTP_COOKIE"]
-      assert !last_response.headers["Set-Cookie"]
-    end
   end
 end