1 files changed, 17 insertions, 10 deletions

diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index a8dc79d10a..f847e80471 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -20,12 +20,19 @@ module ApplicationTests
       @app ||= Rails.application
     end
 
-    test "config.force_ssl sets cookie to secure only" do
+    test "config.force_ssl sets cookie to secure only by default" do
       add_to_config "config.force_ssl = true"
       require "#{app_path}/config/environment"
       assert app.config.session_options[:secure], "Expected session to be marked as secure"
     end
 
+    test "config.force_ssl doesn't set cookie to secure only when changed from default" do
+      add_to_config "config.force_ssl = true"
+      add_to_config "config.ssl_options = { secure_cookies: false }"
+      require "#{app_path}/config/environment"
+      assert !app.config.session_options[:secure]
+    end
+
     test "session is not loaded if it's not used" do
       make_basic_app
 
@@ -35,7 +42,7 @@ module ApplicationTests
             flash[:notice] = "notice"
           end
 
-          render nothing: true
+          head :ok
         end
       end
 
@@ -60,7 +67,7 @@ module ApplicationTests
 
           def write_session
             session[:foo] = 1
-            render nothing: true
+            head :ok
           end
 
           def read_session
@@ -101,7 +108,7 @@ module ApplicationTests
 
           def write_cookie
             cookies[:foo] = '1'
-            render nothing: true
+            head :ok
           end
 
           def read_cookie
@@ -139,7 +146,7 @@ module ApplicationTests
         class FooController < ActionController::Base
           def write_session
             session[:foo] = 1
-            render nothing: true
+            head :ok
           end
 
           def read_session
@@ -184,7 +191,7 @@ module ApplicationTests
         class FooController < ActionController::Base
           def write_session
             session[:foo] = 1
-            render nothing: true
+            head :ok
           end
 
           def read_session
@@ -234,12 +241,12 @@ module ApplicationTests
           def write_raw_session
             # {"session_id"=>"1965d95720fffc123941bdfb7d2e6870", "foo"=>1}
             cookies[:_myapp_session] = "BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTE5NjVkOTU3MjBmZmZjMTIzOTQxYmRmYjdkMmU2ODcwBjsAVEkiCGZvbwY7AEZpBg==--315fb9931921a87ae7421aec96382f0294119749"
-            render nothing: true
+            head :ok
           end
 
           def write_session
             session[:foo] = session[:foo] + 1
-            render nothing: true
+            head :ok
           end
 
           def read_session
@@ -293,12 +300,12 @@ module ApplicationTests
           def write_raw_session
             # {"session_id"=>"1965d95720fffc123941bdfb7d2e6870", "foo"=>1}
             cookies[:_myapp_session] = "BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTE5NjVkOTU3MjBmZmZjMTIzOTQxYmRmYjdkMmU2ODcwBjsAVEkiCGZvbwY7AEZpBg==--315fb9931921a87ae7421aec96382f0294119749"
-            render nothing: true
+            head :ok
           end
 
           def write_session
             session[:foo] = session[:foo] + 1
-            render nothing: true
+            head :ok
           end
 
           def read_session