authorSantiago Pastorino <santiago@wyeworks.com>2011-07-12 15:05:29 -0700
committerSantiago Pastorino <santiago@wyeworks.com>2011-07-12 15:05:29 -0700
commit4735e2ec656163e7400274e237ed37dff5e3fbb6 (patch)
tree9ab1871a50800100ce35cda9c3b549e045661fd4 /activerecord
parent8f58bd49d7f089dc12f48be0f83e879936da7f1f (diff)
parent66dee26930048a0134f339d20d237a32ced2770d (diff)
Merge pull request #2041 from SAP-Oxygen/master-session-id-patch-with-test
Fixed session ID fixation for ActiveRecord::SessionStore (for master)
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/lib/active_record/session_store.rb8
1 files changed, 6 insertions, 2 deletions
diff --git a/activerecord/lib/active_record/session_store.rb b/activerecord/lib/active_record/session_store.rb
index 929559c3ba..30a7ecd2a0 100644
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -297,8 +297,12 @@ module ActiveRecord
private
def get_session(env, sid)
Base.silence do
- sid ||= generate_sid
- session = find_session(sid)
+ unless sid and session = @@session_class.find_by_session_id(sid)
+ # If the sid was nil or if there is no pre-existing session under the sid,
+ # force the generation of a new sid and associate a new session associated with the new sid
+ sid = generate_sid
+ session = @@session_class.new(:session_id => sid, :data => {})
+ end
env[SESSION_RECORD_KEY] = session
[sid, session.data]
end
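Review bot: The comment inside the new `unless` branch says what the code does but not why it matters for security, and its second line is garbled ("associate a new session associated with the new sid"). I would replace it with `# Never adopt a client-supplied sid that has no stored session: issue a fresh sid so the client cannot choose the id (session fixation).` The condition `unless sid and session = @@session_class.find_by_session_id(sid)` hides an assignment inside the test; writing it as `unless sid && (session = @@session_class.find_by_session_id(sid))` makes the intent explicit. As far as this hunk shows, only ids with no stored row are replaced, so an id that already has a row is still accepted unchanged and rotating the id at login stays with the application. The `end` that closes `get_session` lies outside the hunk.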