From 2ae8d3079b96d343f8cea8513929d656013f880e Mon Sep 17 00:00:00 2001
From: Pratik Naik <pratiknaik@gmail.com>
Date: Wed, 28 Jan 2009 05:05:07 +0000
Subject: Session cookie header should always be set if :expire_after option is
 specified

---
 actionpack/lib/action_controller/session/abstract_store.rb | 6 ++++--
 actionpack/lib/action_controller/session/cookie_store.rb   | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'actionpack/lib/action_controller/session')

diff --git a/actionpack/lib/action_controller/session/abstract_store.rb b/actionpack/lib/action_controller/session/abstract_store.rb
index bf09fd33c5..9434c2e05e 100644
--- a/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/actionpack/lib/action_controller/session/abstract_store.rb
@@ -102,8 +102,10 @@ module ActionController
         response = @app.call(env)
 
         session_data = env[ENV_SESSION_KEY]
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?)
-          options = env[ENV_SESSION_OPTIONS_KEY]
+        options = env[ENV_SESSION_OPTIONS_KEY]
+
+        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
 
           if session_data.is_a?(AbstractStore::SessionHash)
             sid = session_data.id
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 6ad6369950..5a728d1877 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -93,12 +93,14 @@ module ActionController
         status, headers, body = @app.call(env)
 
         session_data = env[ENV_SESSION_KEY]
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?)
+        options = env[ENV_SESSION_OPTIONS_KEY]
+
+        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
           session_data = marshal(session_data.to_hash)
 
           raise CookieOverflow if session_data.size > MAX
 
-          options = env[ENV_SESSION_OPTIONS_KEY]
           cookie = Hash.new
           cookie[:value] = session_data
           unless options[:expire_after].nil?
-- 
cgit v1.2.3