2 files changed, 104 insertions, 6 deletions

diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb
index b4380f7818..fd63f5ad5e 100644
--- a/actionpack/test/dispatch/session/cookie_store_test.rb
+++ b/actionpack/test/dispatch/session/cookie_store_test.rb
@@ -83,7 +83,7 @@ class CookieStoreTest < ActionController::IntegrationTest
 
       get '/get_session_id'
       assert_response :success
-      assert_equal "id: #{session_id}", response.body
+      assert_equal "id: #{session_id}", response.body, "should be able to read session id without accessing the session hash"
     end
   end
 
@@ -96,6 +96,31 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
+  # {:foo=>#<SessionAutoloadTest::Foo bar:"baz">, :session_id=>"ce8b0752a6ab7c7af3cdb8a80e6b9e46"}
+  SignedSerializedCookie = "BAh7BzoIZm9vbzodU2Vzc2lvbkF1dG9sb2FkVGVzdDo6Rm9vBjoJQGJhciIIYmF6Og9zZXNzaW9uX2lkIiVjZThiMDc1MmE2YWI3YzdhZjNjZGI4YTgwZTZiOWU0Ng==--2bf3af1ae8bd4e52b9ac2099258ace0c380e601c"
+
+  def test_deserializes_unloaded_classes_on_get_id
+    with_test_route_set do
+      with_autoload_path "session_autoload_test" do
+        cookies[SessionKey] = SignedSerializedCookie
+        get '/get_session_id'
+        assert_response :success
+        assert_equal 'id: ce8b0752a6ab7c7af3cdb8a80e6b9e46', response.body, "should auto-load unloaded class"
+      end
+    end
+  end  
+  
+  def test_deserializes_unloaded_classes_on_get_value
+    with_test_route_set do
+      with_autoload_path "session_autoload_test" do 
+        cookies[SessionKey] = SignedSerializedCookie
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"
+      end
+    end
+  end
+
   def test_close_raises_when_data_overflows
     with_test_route_set do
       assert_raise(ActionDispatch::Cookies::CookieOverflow) {
@@ -141,6 +166,15 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_getting_from_nonexistent_session
+    with_test_route_set do
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+      assert_nil headers['Set-Cookie'], "should only create session on write, not read"
+    end
+  end
+
   def test_persistent_session_id
     with_test_route_set do
       cookies[SessionKey] = SignedBar
@@ -196,21 +230,21 @@ class CookieStoreTest < ActionController::IntegrationTest
   def test_session_store_without_domain 
     with_test_route_set do
       get '/set_session_value'
-      assert_no_match /domain\=/, headers['Set-Cookie']
+      assert_no_match(/domain\=/, headers['Set-Cookie'])
     end
   end
 
   def test_session_store_with_nil_domain
     with_test_route_set(:domain => nil) do
       get '/set_session_value'
-      assert_no_match /domain\=/, headers['Set-Cookie']
+      assert_no_match(/domain\=/, headers['Set-Cookie'])
     end
   end
 
   def test_session_store_with_all_domains
     with_test_route_set(:domain => :all) do
       get '/set_session_value'
-      assert_match /domain=\.example\.com/, headers['Set-Cookie']
+      assert_match(/domain=\.example\.com/, headers['Set-Cookie'])
     end
   end
 
@@ -238,4 +272,5 @@ class CookieStoreTest < ActionController::IntegrationTest
         yield
       end
     end
+
 end
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 8858a398e0..9bd6f9b8c4 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -11,13 +11,17 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       session[:foo] = "bar"
       head :ok
     end
+    
+    def set_serialized_session_value
+      session[:foo] = SessionAutoloadTest::Foo.new
+      head :ok
+    end
 
     def get_session_value
       render :text => "foo: #{session[:foo].inspect}"
     end
 
     def get_session_id
-      session[:foo]
       render :text => "#{request.session_options[:id]}"
     end
 
@@ -56,6 +60,34 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       end
     end
 
+    def test_getting_session_value_after_session_reset
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+        session_cookie = cookies.send(:hash_for)['_session_id']
+
+        get '/call_reset_session'
+        assert_response :success
+        assert_not_equal [], headers['Set-Cookie']
+
+        cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from memcached"
+      end
+    end
+
+    def test_getting_from_nonexistent_session
+      with_test_route_set do
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body
+        assert_nil cookies['_session_id'], "should only create session on write, not read"
+      end
+    end
+
     def test_setting_session_value_after_session_reset
       with_test_route_set do
         get '/set_session_value'
@@ -86,7 +118,38 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 
         get '/get_session_id'
         assert_response :success
-        assert_equal session_id, response.body
+        assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
+      end
+    end
+
+    def test_deserializes_unloaded_class
+      with_test_route_set do
+        with_autoload_path "session_autoload_test" do
+          get '/set_serialized_session_value'
+          assert_response :success
+          assert cookies['_session_id']
+        end
+        with_autoload_path "session_autoload_test" do
+          get '/get_session_id'
+          assert_response :success
+        end
+        with_autoload_path "session_autoload_test" do
+          get '/get_session_value'
+          assert_response :success
+          assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class"
+        end
+      end
+    end
+
+    def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
       end
     end