From a0563bf7b07f218f23c7f46e2fdb4c5c0fd7d488 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Sat, 3 Mar 2007 08:18:30 +0000
Subject: Cookie store: test that >4K raises CookieOverflow and that
 unverifiable cookies are automatically deleted.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6294 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_controller/session/cookie_store.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/session')

diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 1754eb34b1..e65ff6b262 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -89,7 +89,10 @@ class CGI::Session::CookieStore
     def unmarshal(cookie)
       if cookie
         data, digest = CGI.unescape(cookie).split('--')
-        raise TamperedWithCookie unless digest == generate_digest(data)
+        unless digest == generate_digest(data)
+          delete
+          raise TamperedWithCookie
+        end
         Marshal.load(Base64.decode64(data))
       end
     end
-- 
cgit v1.2.3