From 617e94658ddc3f71c42fc4f8c2346f87ff106bbe Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist
Date: Fri, 25 Jun 2010 02:42:08 +0700
Subject: Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim
---
 .../lib/action_dispatch/middleware/session/abstract_store.rb | 4 +++-
 actionpack/test/activerecord/active_record_store_test.rb | 12 ++++++++++++
 actionpack/test/dispatch/session/mem_cache_store_test.rb | 12 ++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 2dff139b49..fcc2287279 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -196,7 +196,9 @@ module ActionDispatch
 end

 def set_cookie(request, options)
- request.cookie_jar[@key] = options
+ if request.cookie_jar[@key] != options[:value] || !options[:expires].nil?
+ request.cookie_jar[@key] = options
+ end
 end

 def load_session(env)
diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb
index 736829dbf7..bdd1a0a15c 100644
--- a/actionpack/test/activerecord/active_record_store_test.rb
+++ b/actionpack/test/activerecord/active_record_store_test.rb
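Review bot: The new guard in `set_cookie` (abstract_store.rb) decides whether to re-issue the cookie from `options[:value]` and `options[:expires]` alone, so a change to any other cookie attribute is never pushed to a browser that already holds the same session id. The request's cookie jar can only report the value the browser sent back, not the flags it was stored with, so if an application later enables `:secure` or `:httponly` (or changes `:domain`/`:path`), existing sessions would presumably keep the old cookie until the id is rotated. That trade-off deserves a comment above the `if`, e.g. `# Skip the write when the browser already sent this session id and no expiry needs refreshing; attribute changes (:secure, :httponly, :domain, :path) only reach clients when a new id is issued.` The commit message limits the change to the Active Record and Memcached stores, but the edit is in the abstract store, so it likely affects every store that does not override `set_cookie`; worth confirming against the cookie store.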
@@ -136,6 +136,18 @@ class ActiveRecordStoreTest < ActionController::IntegrationTest
 end
 end

+ def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+
+ get '/get_session_value'
+ assert_response :success
+ assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+ end
+ end
+
 def test_prevents_session_fixation
 with_test_route_set do
 get '/set_session_value'
diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 08f8069888..d388992b98 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -117,6 +117,18 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 end
 end

+ def test_doesnt_write_session_cookie_if_session_id_is_already_exists
+ with_test_route_set do
+ get '/set_session_value'
+ assert_response :success
+ assert cookies['_session_id']
+
+ get '/get_session_value'
+ assert_response :success
+ assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
+ end
+ end
+
 def test_prevents_session_fixation
 with_test_route_set do
 get '/get_session_value'
-- 
cgit v1.2.3
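Review bot: Both added tests (this one in `active_record_store_test.rb` and the identical one in `mem_cache_store_test.rb`) cover only the path where the cookie is skipped; nothing in these hunks exercises the `!options[:expires].nil?` branch of the new guard in `set_cookie`. A regression that stops refreshing the session cookie when an expiry is configured would therefore pass unnoticed, so a companion test that configures an expiry and asserts `headers['Set-Cookie']` is present on the second request would pin that behaviour down. `assert_equal nil, headers['Set-Cookie'], "..."` reads more clearly as `assert_nil headers['Set-Cookie'], "..."`, and the test name would be clearer as `test_doesnt_write_session_cookie_if_session_id_already_exists`. The `test_prevents_session_fixation` method that follows each addition continues outside the hunk.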