From 0485d3a52408cb1819ce2771cc48a76fb49b8629 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Sat, 21 Nov 2009 10:02:39 +0000 Subject: [PATCH] Reset session on login/logout (#4248). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/controllers/application_controller.rb | 2 +- test/integration/account_test.rb | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2bcfac95..1f896795 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -61,12 +61,12 @@ class ApplicationController < ActionController::Base # Sets the logged in user def logged_user=(user) + reset_session if user && user.is_a?(User) User.current = user session[:user_id] = user.id else User.current = User.anonymous - session[:user_id] = nil end end diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb index 497d510f..c612ea23 100644 --- a/test/integration/account_test.rb +++ b/test/integration/account_test.rb @@ -182,6 +182,24 @@ class AccountTest < ActionController::IntegrationTest assert user.hashed_password.blank? end + def test_login_and_logout_should_clear_session + get '/login' + sid = session[:session_id] + + post '/login', :username => 'admin', :password => 'admin' + assert_redirected_to 'my/page' + assert_not_equal sid, session[:session_id], "login should reset session" + assert_equal 1, session[:user_id] + sid = session[:session_id] + + get '/' + assert_equal sid, session[:session_id] + + get '/logout' + assert_not_equal sid, session[:session_id], "logout should reset session" + assert_nil session[:user_id] + end + else puts 'Mocha is missing. Skipping tests.' end -- 2.11.0