author | Joshua Peek <josh@joshpeek.com> | 2009-03-09 22:45:38 -0500 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2009-03-09 22:46:03 -0500 |
commit | 224a534400fd622dda57058d1eed349b8375e5e3 (patch) | |
tree | 43dc08e5eb3c2a419169078d73cd50fbc5104098 /actionpack/test/controller | |
parent | 4458edc882b229ea44602da20a6440a6f233f1c8 (diff) | |
download | rails-224a534400fd622dda57058d1eed349b8375e5e3.tar.gz rails-224a534400fd622dda57058d1eed349b8375e5e3.tar.bz2 rails-224a534400fd622dda57058d1eed349b8375e5e3.zip |
reset_session should force a new session id to be generated [#2173]
Diffstat (limited to 'actionpack/test/controller')
-rw-r--r-- | actionpack/test/controller/session/mem_cache_store_test.rb | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/actionpack/test/controller/session/mem_cache_store_test.rb b/actionpack/test/controller/session/mem_cache_store_test.rb
index c3a6c8ce45..2f80a3c7c2 100644
--- a/actionpack/test/controller/session/mem_cache_store_test.rb
+++ b/actionpack/test/controller/session/mem_cache_store_test.rb
@@ -17,11 +17,14 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 end
 
 def get_session_id
- render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+ session[:foo]
+ render :text => "#{request.session_options[:id]}"
 end
 
 def call_reset_session
+ session[:bar]
 reset_session
+ session[:bar] = "baz"
 head :ok
 end
 
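Review bot: The bare `session[:foo]` added to `get_session_id` and the bare `session[:bar]` added before `reset_session` in `call_reset_session` read like dead statements, and nothing in the hunk says why they are there. Presumably they force the lazily loaded session to be read before the id is rendered or the session is reset; if so, say it on the line, e.g. `session[:bar] # touch the session so it is loaded before reset_session runs`. Without that comment a later cleanup could delete them and the session-id regeneration tests would stop exercising the loaded-session path. As a smaller style point, `"#{request.session_options[:id]}"` interpolates a single value and could be `request.session_options[:id].to_s`.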
@@ -58,47 +61,52 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 end
 end
 
- def test_getting_session_id
+ def test_setting_session_value_after_session_reset
 with_test_route_set do
 get '/set_session_value'
 assert_response :success
 assert cookies['_session_id']
 session_id = cookies['_session_id']
 
- get '/get_session_id'
+ get '/call_reset_session'
 assert_response :success
- assert_equal "foo: \"bar\"; id: #{session_id}", response.body
- end
- end
+ assert_not_equal [], headers['Set-Cookie']
 
- def test_prevents_session_fixation
- with_test_route_set do
 get '/get_session_value'
 assert_response :success
 assert_equal 'foo: nil', response.body
- session_id = cookies['_session_id']
-
- reset!
 
- get '/set_session_value', :_session_id => session_id
+ get '/get_session_id'
 assert_response :success
- assert_equal nil, cookies['_session_id']
+ assert_not_equal session_id, response.body
 end
 end
 
- def test_setting_session_value_after_session_reset
+ def test_getting_session_id
 with_test_route_set do
 get '/set_session_value'
 assert_response :success
 assert cookies['_session_id']
+ session_id = cookies['_session_id']
 
- get '/call_reset_session'
+ get '/get_session_id'
 assert_response :success
- assert_not_equal [], headers['Set-Cookie']
+ assert_equal session_id, response.body
+ end
+ end
 
+ def test_prevents_session_fixation
+ with_test_route_set do
 get '/get_session_value'
 assert_response :success
 assert_equal 'foo: nil', response.body
+ session_id = cookies['_session_id']
+
+ reset!
+
+ get '/set_session_value', :_session_id => session_id
+ assert_response :success
+ assert_equal nil, cookies['_session_id']
 end
 end
 rescue LoadError, RuntimeError |
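Review bot: In `test_setting_session_value_after_session_reset`, the new `assert_not_equal session_id, response.body` also passes when `/get_session_id` returns an empty body, so the test would stay green if no session id were generated after the reset. Since this is the check that `reset_session` issues a fresh id (the property that defeats fixation), pin it positively as well: add `assert !response.body.blank?` before it, and ideally `assert_equal cookies['_session_id'], response.body` so the id sent to the client is the one the server is using. The neighbouring `assert_not_equal [], headers['Set-Cookie']` has the same weakness, since it would also pass on a `nil` header.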