From be146d492a2392354bd1979d75b74564d811bbd6 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 21 Nov 2009 10:33:12 +0000
Subject: [PATCH] Backported r3080 from trunk (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/0.8-stable@3081 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 2 +-
 test/integration/account_test.rb | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 04c3023e0..0335f01f7 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -188,12 +188,12 @@ class AccountController < ApplicationController
 private
 def logged_user=(user)
+ reset_session
 if user && user.is_a?(User)
 User.current = user
 session[:user_id] = user.id
 else
 User.current = User.anonymous
- session[:user_id] = nil
 end
 end
 end
diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb
index c6cfd080e..d2c757a01 100644
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -147,6 +147,24 @@ class AccountTest < ActionController::IntegrationTest
 assert user.hashed_password.blank?
 end
+ def test_login_and_logout_should_clear_session
+ get '/login'
+ sid = session.session_id
+
+ post '/login', :username => 'admin', :password => 'admin'
+ assert_redirected_to 'my/page'
+ assert_not_equal sid, session.session_id, "login should reset session"
+ assert_equal 1, session[:user_id]
+ sid = session.session_id
+
+ get '/'
+ assert_equal sid, session.session_id
+
+ get '/logout'
+ assert_not_equal sid, session.session_id, "logout should reset session"
+ assert_nil session[:user_id]
+ end
+
 else
 puts 'Mocha is missing. Skipping tests.'
 end
--
2.39.5
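Review bot: The new `reset_session` call at the top of `logged_user=` has no comment, and its position is what makes it effective: it has to run before `session[:user_id]` is written so that authenticated state is never attached to a session id issued before login (session fixation). I would add `# Start a fresh session before binding it to a user, so a pre-login session id is never promoted (session fixation); keep this as the first statement.` directly above it. Because the reset sits ahead of the `if`, it also runs on the `else` path, so anything else held in the session is dropped on both login and logout, which is worth stating in the same comment. Any code path that writes `session[:user_id]` without going through this setter would not get the rotation; none is visible in this hunk, so that is worth checking across the controllers. The enclosing class starts outside the hunk.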
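Review bot: `test_login_and_logout_should_clear_session` is added just above the `else` / `puts 'Mocha is missing. Skipping tests.'` branch, so it appears to sit inside the Mocha-availability guard and would be skipped silently on a machine without Mocha, although nothing in it uses a mock. The guard's opening is outside the hunk, so this is inferred; if it holds, move the method above the guard so the session-reset regression check always runs. Separately, `assert_equal 1, session[:user_id]` relies on the fixture id of `admin`; a short comment such as `# admin is user id 1 in the fixtures` would make that dependency explicit.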