aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--actionpack/lib/action_dispatch/http/request.rb7
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/cookie_store.rb8
-rw-r--r--actionpack/lib/action_dispatch/request/session.rb7
3 files changed, 18 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index d24c7c7f3f..b8ebeb408f 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -227,8 +227,11 @@ module ActionDispatch
# TODO This should be broken apart into AD::Request::Session and probably
# be included by the session middleware.
def reset_session
- session.destroy if session && session.respond_to?(:destroy)
- self.session = {}
+ if session && session.respond_to?(:destroy)
+ session.destroy
+ else
+ self.session = {}
+ end
@env['action_dispatch.request.flash_hash'] = nil
end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 9b159b2caf..019849ef95 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -44,6 +44,14 @@ module ActionDispatch
include StaleSessionCheck
include SessionObject
+ # Override rack's method
+ def destroy_session(env, session_id, options)
+ new_sid = super
+ # Reset hash and Assign the new session id
+ env["action_dispatch.request.unsigned_session_cookie"] = new_sid ? { "session_id" => new_sid } : {}
+ new_sid
+ end
+
private
def unpacked_cookie_data(env)
diff --git a/actionpack/lib/action_dispatch/request/session.rb b/actionpack/lib/action_dispatch/request/session.rb
index 35d694b4a1..a05a23d953 100644
--- a/actionpack/lib/action_dispatch/request/session.rb
+++ b/actionpack/lib/action_dispatch/request/session.rb
@@ -70,9 +70,12 @@ module ActionDispatch
def destroy
clear
options = self.options || {}
- @by.send(:destroy_session, @env, options[:id], options)
- options[:id] = nil
+ new_sid = @by.send(:destroy_session, @env, options[:id], options)
+ options[:id] = new_sid # Reset session id with a new value or nil
+
+ # Load the new sid to be written with the response
@loaded = false
+ load_for_write!
end
def [](key)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 09:06:15 +0000