1 files changed, 5 insertions, 5 deletions

diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index e061c4d4a1..5a728d1877 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -45,7 +45,7 @@ module ActionController
         :domain       => nil,
         :path         => "/",
         :expire_after => nil,
-        :httponly     => false
+        :httponly     => true
       }.freeze
 
       ENV_SESSION_KEY = "rack.session".freeze
@@ -56,8 +56,6 @@ module ActionController
       class CookieOverflow < StandardError; end
 
       def initialize(app, options = {})
-        options = options.dup
-
         # Process legacy CGI options
         options = options.symbolize_keys
         if options.has_key?(:session_path)
@@ -95,12 +93,14 @@ module ActionController
         status, headers, body = @app.call(env)
 
         session_data = env[ENV_SESSION_KEY]
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?)
+        options = env[ENV_SESSION_OPTIONS_KEY]
+
+        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
           session_data = marshal(session_data.to_hash)
 
           raise CookieOverflow if session_data.size > MAX
 
-          options = env[ENV_SESSION_OPTIONS_KEY]
           cookie = Hash.new
           cookie[:value] = session_data
           unless options[:expire_after].nil?