From 49f52c3d910c8f183afc3a54ea2ae9667f23085e Mon Sep 17 00:00:00 2001
From: Michael Lovitt <michael@lovitt.net>
Date: Tue, 22 Jun 2010 09:55:50 -0400
Subject: Sessions should not be created until written to and session data
 should be destroyed on reset.

[#4938]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 .../test/dispatch/session/mem_cache_store_test.rb  | 31 ++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

(limited to 'actionpack/test/dispatch/session/mem_cache_store_test.rb')

diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb
index 8858a398e0..08f8069888 100644
--- a/actionpack/test/dispatch/session/mem_cache_store_test.rb
+++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb
@@ -17,7 +17,6 @@ class MemCacheStoreTest < ActionController::IntegrationTest
     end
 
     def get_session_id
-      session[:foo]
       render :text => "#{request.session_options[:id]}"
     end
 
@@ -56,6 +55,34 @@ class MemCacheStoreTest < ActionController::IntegrationTest
       end
     end
 
+    def test_getting_session_value_after_session_reset
+      with_test_route_set do
+        get '/set_session_value'
+        assert_response :success
+        assert cookies['_session_id']
+        session_cookie = cookies.send(:hash_for)['_session_id']
+
+        get '/call_reset_session'
+        assert_response :success
+        assert_not_equal [], headers['Set-Cookie']
+
+        cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
+
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from memcached"
+      end
+    end
+
+    def test_getting_from_nonexistent_session
+      with_test_route_set do
+        get '/get_session_value'
+        assert_response :success
+        assert_equal 'foo: nil', response.body
+        assert_nil cookies['_session_id'], "should only create session on write, not read"
+      end
+    end
+
     def test_setting_session_value_after_session_reset
       with_test_route_set do
         get '/set_session_value'
@@ -86,7 +113,7 @@ class MemCacheStoreTest < ActionController::IntegrationTest
 
         get '/get_session_id'
         assert_response :success
-        assert_equal session_id, response.body
+        assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
       end
     end
 
-- 
cgit v1.2.3