Diffstat (limited to 'actionpack/test/controller/session/mem_cache_store_test.rb')
-rw-r--r-- | actionpack/test/controller/session/mem_cache_store_test.rb | 45 |
1 files changed, 35 insertions, 10 deletions
diff --git a/actionpack/test/controller/session/mem_cache_store_test.rb b/actionpack/test/controller/session/mem_cache_store_test.rb
index 2e2bf79148..7561c93e4a 100644
--- a/actionpack/test/controller/session/mem_cache_store_test.rb
+++ b/actionpack/test/controller/session/mem_cache_store_test.rb
@@ -16,8 +16,15 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 render :text => "foo: #{session[:foo].inspect}"
 end
 
+ def get_session_id
+ session[:foo]
+ render :text => "#{request.session_options[:id]}"
+ end
+
 def call_reset_session
+ session[:bar]
 reset_session
+ session[:bar] = "baz"
 head :ok
 end
 
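Review bot: The bare `session[:foo]` in `get_session_id` and the bare `session[:bar]` at the top of `call_reset_session` read a value and discard it, so a later reader is likely to delete them as dead code. Presumably they are there to force the lazily loaded session to be fetched from the store before `request.session_options[:id]` is rendered and before `reset_session` runs; if that is the intent, state it with a comment such as `# touch the session so it is loaded before the id is read`. The interpolation in `render :text => "#{request.session_options[:id]}"` also turns a missing id into an empty body instead of a failure, which matters for the assertions that compare against this body.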
@@ -50,38 +57,56 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 with_test_route_set do
 get '/get_session_value'
 assert_response :success
- assert_equal 'foo: nil', response.body
+ assert_equal 'foo: nil', response.body
 end
 end
 
- def test_prevents_session_fixation
+ def test_setting_session_value_after_session_reset
 with_test_route_set do
- get '/get_session_value'
+ get '/set_session_value'
 assert_response :success
- assert_equal 'foo: nil', response.body
+ assert cookies['_session_id']
 session_id = cookies['_session_id']
 
- reset!
+ get '/call_reset_session'
+ assert_response :success
+ assert_not_equal [], headers['Set-Cookie']
 
- get '/set_session_value', :_session_id => session_id
+ get '/get_session_value'
 assert_response :success
- assert_equal nil, cookies['_session_id']
+ assert_equal 'foo: nil', response.body
+
+ get '/get_session_id'
+ assert_response :success
+ assert_not_equal session_id, response.body
 end
 end
 
- def test_setting_session_value_after_session_reset
+ def test_getting_session_id
 with_test_route_set do
 get '/set_session_value'
 assert_response :success
 assert cookies['_session_id']
+ session_id = cookies['_session_id']
 
- get '/call_reset_session'
+ get '/get_session_id'
 assert_response :success
- assert_not_equal [], headers['Set-Cookie']
+ assert_equal session_id, response.body
+ end
+ end
 
+ def test_prevents_session_fixation
+ with_test_route_set do
 get '/get_session_value'
 assert_response :success
 assert_equal 'foo: nil', response.body
+ session_id = cookies['_session_id']
+
+ reset!
+
+ get '/set_session_value', :_session_id => session_id
+ assert_response :success
+ assert_equal nil, cookies['_session_id']
 end
 end
 rescue LoadError, RuntimeError |
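Review bot: In `test_setting_session_value_after_session_reset`, `assert_not_equal session_id, response.body` also passes when `/get_session_id` returns an empty body, so the test does not prove that a fresh id was issued after `reset_session`. Adding `assert !response.body.empty?` just before it would pin that. The test also never presents the pre-reset id again, so it does not show that the store no longer honours the old id, which is the property that matters when a reset is used to defend against fixation. `assert_not_equal [], headers['Set-Cookie']` looks vacuous as well: it would pass if the header were nil or a String, so an explicit presence check on the `_session_id` cookie would be stronger.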