diff options
| author | Michael Lovitt <michael@lovitt.net> | 2010-06-22 09:55:50 -0400 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2010-06-23 11:56:35 -0700 |
| commit | 49f52c3d910c8f183afc3a54ea2ae9667f23085e (patch) | |
| tree | 410bc3c8fb8921397547c33fd8661f2015065946 /actionpack/test/dispatch/session | |
| parent | 0bf3baa6b3d216c6340f8d3b5d0a3ebc093e969a (diff) | |
| download | rails-49f52c3d910c8f183afc3a54ea2ae9667f23085e.tar.gz rails-49f52c3d910c8f183afc3a54ea2ae9667f23085e.tar.bz2 rails-49f52c3d910c8f183afc3a54ea2ae9667f23085e.zip | |
Sessions should not be created until written to and session data should be destroyed on reset.
[#4938]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Diffstat (limited to 'actionpack/test/dispatch/session')
| -rw-r--r-- | actionpack/test/dispatch/session/cookie_store_test.rb | 11 | ||||
| -rw-r--r-- | actionpack/test/dispatch/session/mem_cache_store_test.rb | 31 |
2 files changed, 39 insertions, 3 deletions
diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index b4380f7818..787524ab7b 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -83,7 +83,7 @@ class CookieStoreTest < ActionController::IntegrationTest get '/get_session_id' assert_response :success - assert_equal "id: #{session_id}", response.body + assert_equal "id: #{session_id}", response.body, "should be able to read session id without accessing the session hash" end end @@ -141,6 +141,15 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_getting_from_nonexistent_session + with_test_route_set do + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body + assert_nil headers['Set-Cookie'], "should only create session on write, not read" + end + end + def test_persistent_session_id with_test_route_set do cookies[SessionKey] = SignedBar diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb index 8858a398e0..08f8069888 100644 --- a/actionpack/test/dispatch/session/mem_cache_store_test.rb +++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb @@ -17,7 +17,6 @@ class MemCacheStoreTest < ActionController::IntegrationTest end def get_session_id - session[:foo] render :text => "#{request.session_options[:id]}" end @@ -56,6 +55,34 @@ class MemCacheStoreTest < ActionController::IntegrationTest end end + def test_getting_session_value_after_session_reset + with_test_route_set do + get '/set_session_value' + assert_response :success + assert cookies['_session_id'] + session_cookie = cookies.send(:hash_for)['_session_id'] + + get '/call_reset_session' + assert_response :success + assert_not_equal [], headers['Set-Cookie'] + + cookies << session_cookie # replace our new session_id with our old, pre-reset session_id + + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from memcached" + end + end + + def test_getting_from_nonexistent_session + with_test_route_set do + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body + assert_nil cookies['_session_id'], "should only create session on write, not read" + end + end + def test_setting_session_value_after_session_reset with_test_route_set do get '/set_session_value' @@ -86,7 +113,7 @@ class MemCacheStoreTest < ActionController::IntegrationTest get '/get_session_id' assert_response :success - assert_equal session_id, response.body + assert_equal session_id, response.body, "should be able to read session id without accessing the session hash" end end |