1 files changed, 30 insertions, 10 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index ce5f89ee5b..1e6ed624b0 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -21,15 +21,12 @@ module ActionDispatch
     #
     # Session options:
     #
-    # * <tt>:secret</tt>: An application-wide key string or block returning a
-    #   string called per generated digest. The block is called with the
-    #   CGI::Session instance as an argument. It's important that the secret
-    #   is not vulnerable to a dictionary attack. Therefore, you should choose
-    #   a secret consisting of random numbers and letters and more than 30
-    #   characters.
+    # * <tt>:secret</tt>: An application-wide key string. It's important that
+    #   the secret is not vulnerable to a dictionary attack. Therefore, you
+    #   should choose a secret consisting of random numbers and letters and
+    #   more than 30 characters.
     #
     #     secret: '449fe2e7daee471bffae2fd8dc02313d'
-    #     secret: Proc.new { User.current_user.secret_key }
     #
     # * <tt>:digest</tt>: The message digest algorithm used to verify session
     #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
@@ -39,21 +36,38 @@ module ActionDispatch
     # "rake secret" and set the key in config/initializers/secret_token.rb.
     #
     # Note that changing digest or secret invalidates all existing sessions!
-    class CookieStore < Rack::Session::Cookie
+    class CookieStore < Rack::Session::Abstract::ID
       include Compatibility
       include StaleSessionCheck
       include SessionObject
 
-      # Override rack's method
+      def initialize(app, options={})
+        super(app, options.merge!(:cookie_only => true))
+      end
+
       def destroy_session(env, session_id, options)
-        new_sid = super
+        new_sid = generate_sid unless options[:drop]
         # Reset hash and Assign the new session id
         env["action_dispatch.request.unsigned_session_cookie"] = new_sid ? { "session_id" => new_sid } : {}
         new_sid
       end
 
+      def load_session(env)
+        stale_session_check! do
+          data = unpacked_cookie_data(env)
+          data = persistent_session_id!(data)
+          [data["session_id"], data]
+        end
+      end
+
       private
 
+      def extract_session_id(env)
+        stale_session_check! do
+          unpacked_cookie_data(env)["session_id"]
+        end
+      end
+
       def unpacked_cookie_data(env)
         env["action_dispatch.request.unsigned_session_cookie"] ||= begin
           stale_session_check! do
@@ -65,6 +79,12 @@ module ActionDispatch
         end
       end
 
+      def persistent_session_id!(data, sid=nil)
+        data ||= {}
+        data["session_id"] ||= sid || generate_sid
+        data
+      end
+
       def set_session(env, sid, session_data, options)
         session_data["session_id"] = sid
         session_data