Just reading flash messages should not create a session if one does not exist yet.

1 files changed, 17 insertions, 3 deletions

diff --git a/actionpack/test/controller/flash_test.rb b/actionpack/test/controller/flash_test.rb
index 5c636cbab8..4be09f8c83 100644
--- a/actionpack/test/controller/flash_test.rb
+++ b/actionpack/test/controller/flash_test.rb
@@ -236,6 +236,15 @@ class FlashIntegrationTest < ActionController::IntegrationTest
     end
   end
 
+  def test_just_using_flash_does_not_stream_a_cookie_back
+    with_test_route_set do
+      get '/use_flash'
+      assert_response :success
+      assert_nil @response.headers["Set-Cookie"]
+      assert_equal "flash: ", @response.body
+    end
+  end
+
   private
 
     # Overwrite get to send SessionSecret in env hash
@@ -247,10 +256,15 @@ class FlashIntegrationTest < ActionController::IntegrationTest
     def with_test_route_set
       with_routing do |set|
         set.draw do |map|
-          match ':action', :to => ActionDispatch::Session::CookieStore.new(
-            FlashIntegrationTest::TestController, :key => FlashIntegrationTest::SessionKey, :secret => FlashIntegrationTest::SessionSecret
-          )
+          match ':action', :to => FlashIntegrationTest::TestController
+        end
+
+        @app = self.class.build_app(set) do |middleware|
+          middleware.use ActionDispatch::Session::CookieStore, :key => SessionKey
+          middleware.use ActionDispatch::Flash
+          middleware.delete "ActionDispatch::ShowExceptions"
         end
+
         yield
       end
     end