-rw-r--r--actionpack/lib/action_dispatch/middleware/session/abstract_store.rb4
-rw-r--r--actionpack/test/activerecord/active_record_store_test.rb12
-rw-r--r--actionpack/test/dispatch/session/mem_cache_store_test.rb12
3 files changed, 27 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 2dff139b49..fcc2287279 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -196,7 +196,9 @@ module ActionDispatch
end
def set_cookie(request, options)
- request.cookie_jar[@key] = options
+ if request.cookie_jar[@key] != options[:value] || !options[:expires].nil?
+ request.cookie_jar[@key] = options
+ end
end
def load_session(env)
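Review bot: The new guard in `set_cookie` compares only `options[:value]` and `options[:expires]` against the cookie the client sent, so a client that already holds the session id is never sent updated cookie attributes. If the options hash also carries flags such as `:secure`, `:httponly`, `:domain` or `:path` (not visible in this hunk), tightening them in configuration would not reach existing sessions until the id changes. A comment on the condition would make the trade-off explicit, e.g. `# Skip Set-Cookie when the client already sent this session id and no expiry needs refreshing; attribute changes reach clients only when the id changes.` The method body is fully inside the hunk; the enclosing class is not.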
diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb
index 736829dbf7..bdd1a0a15c 100644
--- a/actionpack/test/activerecord/active_record_store_test.rb
+++ b/actionpack/test/activerecord/active_record_store_test.rb
@@ -136,6 +136,18 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
end
end
+ def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+
+ get '/get_session_value'
+ assert_response :success
+ assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+ end
+ end
+
def test_prevents_session_fixation
with_test_route_set do
get '/set_session_value'
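Review bot: The added test pins only the no-expiry path, so the `!options[:expires].nil?` branch introduced in `set_cookie` has no covering assertion here or in the identical test added to mem_cache_store_test.rb. That branch still has to re-send the cookie on every response. A companion test that configures a session expiry and asserts `headers['Set-Cookie']` is present on the second request would catch a regression that silently stops refreshing the expiry. As a style point, `assert_equal nil, headers['Set-Cookie'], "..."` reads better as `assert_nil headers['Set-Cookie'], "..."`, and the name and message should say "already exists" rather than "is already exists".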
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 08f8069888..d388992b98 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -117,6 +117,18 @@ class MemCacheStoreTest < ActionController::IntegrationTest
end
end
+ def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+
+ get '/get_session_value'
+ assert_response :success
+ assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+ end
+ end
+
def test_prevents_session_fixation
with_test_route_set do
get '/get_session_value'