Changeset 6424
- Timestamp:
- 03/14/07 11:33:10 (1 year ago)
- Files:
-
- trunk/actionpack/CHANGELOG (modified) (1 diff)
- trunk/actionpack/lib/action_controller/session/cookie_store.rb (modified) (2 diffs)
- trunk/actionpack/test/controller/session/cookie_store_test.rb (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/actionpack/CHANGELOG
r6422 r6424 1 1 *SVN* 2 3 * Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. [Jeremy Kemper] 2 4 3 5 * Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 [Justin French] trunk/actionpack/lib/action_controller/session/cookie_store.rb
r6415 r6424 97 97 def delete 98 98 @data = nil 99 clear_old_cookie_value 99 100 write_cookie('value' => '', 'expires' => 1.year.ago) 100 101 end … … 135 136 @session.cgi.send :instance_variable_set, '@output_cookies', [cookie] 136 137 end 138 139 # Clear cookie value so subsequent new_session doesn't reload old data. 140 def clear_old_cookie_value 141 @session.cgi.cookies[@cookie_options['name']].clear 142 end 137 143 end trunk/actionpack/test/controller/session/cookie_store_test.rb
r6415 r6424 136 136 end 137 137 138 def test_new_session_doesnt_reuse_deleted_cookie_data 139 set_cookie! cookie_value(:typical) 140 141 new_session do |session| 142 assert_not_nil session['user_id'] 143 session.delete 144 145 # Start a new session using the same CGI instance. 146 post_delete_session = CGI::Session.new(session.cgi, self.class.default_session_options) 147 assert_nil post_delete_session['user_id'] 148 end 149 end 150 138 151 private 139 152 def assert_no_cookies(session)
