Inherit TestSession from Session::AbstractStore and add indifferent access to Session::AbstractStore.

actionpack/lib/action_controller/base/base.rb

@@ -811,14 +811,8 @@ def initialize_template_class(response)
       end
 
       def assign_shortcuts(request, response)
-        @_request, @_params = request, request.parameters
-
-        @_response         = response
-        @_response.session = request.session
-
-        @_session = @_response.session
-
-        @_headers = @_response.headers
+        @_request, @_response, @_params = request, response, request.parameters
+        @_session, @_headers = @_request.session, @_response.headers
       end
 
       def initialize_current_url

actionpack/lib/action_controller/testing/process.rb

@@ -1,8 +1,9 @@
 require 'rack/session/abstract/id'
+
 module ActionController #:nodoc:
   class TestRequest < ActionDispatch::Request #:nodoc:
-    attr_accessor :cookies, :session_options
-    attr_accessor :query_parameters, :path, :session
+    attr_accessor :cookies
+    attr_accessor :query_parameters, :path
     attr_accessor :host
 
     def self.new(env = {})
@@ -13,18 +14,13 @@ def initialize(env = {})
       super(Rack::MockRequest.env_for("/").merge(env))
 
       @query_parameters   = {}
-      @session            = TestSession.new
-      default_rack_options = Rack::Session::Abstract::ID::DEFAULT_OPTIONS
-      @session_options    ||= {:id => generate_sid(default_rack_options[:sidbits])}.merge(default_rack_options)
+      @env['rack.session'] = TestSession.new
+      @env['rack.session.options'] = TestSession::DEFAULT_OPTIONS.merge(:id => ActiveSupport::SecureRandom.hex(16))
 
       initialize_default_values
       initialize_containers
     end
 
-    def reset_session
-      @session.reset
-    end
-
     # Wraps raw_post in a StringIO.
     def body_stream #:nodoc:
       StringIO.new(raw_post)
@@ -124,10 +120,6 @@ def user_agent=(user_agent)
     end
 
     private
-      def generate_sid(sidbits)
-        "%0#{sidbits / 4}x" % rand(2**sidbits - 1)
-      end
-
       def initialize_containers
         @cookies = {}
       end
@@ -235,62 +227,12 @@ def recycle!
     end
   end
 
-  class TestSession < Hash #:nodoc:
-    attr_accessor :session_id
+  class TestSession < ActionDispatch::Session::AbstractStore::SessionHash #:nodoc:
+    DEFAULT_OPTIONS = ActionDispatch::Session::AbstractStore::DEFAULT_OPTIONS
 
-    def initialize(attributes = nil)
-      reset_session_id
-      replace_attributes(attributes)
-    end
-
-    def reset
-      reset_session_id
-      replace_attributes({ })
-    end
-
-    def data
-      to_hash
-    end
-
-    def [](key)
-      super(key.to_s)
-    end
-
-    def []=(key, value)
-      super(key.to_s, value)
-    end
-
-    def update(hash = nil)
-      if hash.nil?
-        ActiveSupport::Deprecation.warn('use replace instead', caller)
-        replace({})
-      else
-        super(hash)
-      end
-    end
-
-    def delete(key = nil)
-      if key.nil?
-        ActiveSupport::Deprecation.warn('use clear instead', caller)
-        clear
-      else
-        super(key.to_s)
-      end
-    end
-
-    def close
-      ActiveSupport::Deprecation.warn('sessions should no longer be closed', caller)
-    end
-
-  private
-
-    def reset_session_id
-      @session_id = ''
-    end
-
-    def replace_attributes(attributes = nil)
-      attributes ||= {}
-      replace(attributes.stringify_keys)
+    def initialize(session = {})
+      replace(session.stringify_keys)
+      @loaded = true
     end
   end
 

actionpack/lib/action_dispatch/http/request.rb

@@ -451,23 +451,15 @@ def body_stream #:nodoc:
       @env['rack.input']
     end
 
-    def session
-      @env['rack.session'] ||= {}
+    def reset_session
+      self.session_options.delete(:id)
+      self.session = {}
     end
 
     def session=(session) #:nodoc:
       @env['rack.session'] = session
     end
 
-    def reset_session
-      @env['rack.session.options'].delete(:id)
-      @env['rack.session'] = {}
-    end
-
-    def session_options
-      @env['rack.session.options'] ||= {}
-    end
-
     def session_options=(options)
       @env['rack.session.options'] = options
     end

actionpack/lib/action_dispatch/http/response.rb

@@ -34,12 +34,13 @@ class Response < Rack::Response
     DEFAULT_HEADERS = { "Cache-Control" => "no-cache" }
     attr_accessor :request
 
-    attr_accessor :session, :assigns, :template, :layout
+    attr_accessor :assigns, :template, :layout
     attr_accessor :redirected_to, :redirected_to_method_params
 
     attr_writer :header
     alias_method :headers=, :header=
 
+    delegate :session, :to => :request
     delegate :default_charset, :to => 'ActionController::Base'
 
     def initialize

actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -26,12 +26,12 @@ def session_id
 
         def [](key)
           load! unless @loaded
-          super
+          super(key.to_s)
         end
 
         def []=(key, value)
           load! unless @loaded
-          super
+          super(key.to_s, value)
         end
 
         def to_hash
@@ -40,6 +40,24 @@ def to_hash
           h
         end
 
+        def update(hash = nil)
+          if hash.nil?
+            ActiveSupport::Deprecation.warn('use replace instead', caller)
+            replace({})
+          else
+            super(hash.stringify_keys)
+          end
+        end
+
+        def delete(key = nil)
+          if key.nil?
+            ActiveSupport::Deprecation.warn('use clear instead', caller)
+            clear
+          else
+            super(key.to_s)
+          end
+        end
+
         def data
          ActiveSupport::Deprecation.warn(
            "ActionController::Session::AbstractStore::SessionHash#data " +
@@ -47,6 +65,10 @@ def data
           to_hash
         end
 
+        def close
+          ActiveSupport::Deprecation.warn('sessions should no longer be closed', caller)
+        end
+
         def inspect
           load! unless @loaded
           super
@@ -61,7 +83,7 @@ def load!
             stale_session_check! do
               id, session = @by.send(:load_session, @env)
               (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id
-              replace(session)
+              replace(session.stringify_keys)
               @loaded = true
             end
           end

actionpack/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -143,7 +143,8 @@ def load_session(env)
           request = Rack::Request.new(env)
           session_data = request.cookies[@key]
           data = unmarshal(session_data) || persistent_session_id!({})
-          [data[:session_id], data]
+          data.stringify_keys!
+          [data["session_id"], data]
         end
 
         # Marshal a session hash into safe cookie data. Include an integrity hash.
@@ -206,12 +207,12 @@ def persistent_session_id!(data)
         end
 
         def inject_persistent_session_id(data)
-          requires_session_id?(data) ? { :session_id => generate_sid } : {}
+          requires_session_id?(data) ? { "session_id" => generate_sid } : {}
         end
 
         def requires_session_id?(data)
           if data
-            data.respond_to?(:key?) && !data.key?(:session_id)
+            data.respond_to?(:key?) && !data.key?("session_id")
           else
             true
           end

actionpack/test/controller/http_digest_authentication_test.rb

@@ -111,8 +111,6 @@ def authenticate_with_request
   test "authentication request with valid credential and nil session" do
     @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
 
-    # session_id = "" in functional test, but is +nil+ in real life
-    @request.session.session_id = nil
     get :display
 
     assert_response :success

actionpack/test/controller/request/test_request_test.rb

@@ -10,26 +10,27 @@ def setup
   def test_test_request_has_session_options_initialized
     assert @request.session_options
   end
-  
-  Rack::Session::Abstract::ID::DEFAULT_OPTIONS.each_key do |option|
-    test "test_rack_default_session_options_#{option}_exists_in_session_options_and_is_default" do
-      assert_equal(Rack::Session::Abstract::ID::DEFAULT_OPTIONS[option], 
-                   @request.session_options[option], 
+
+  ActionDispatch::Session::AbstractStore::DEFAULT_OPTIONS.each_key do |option|
+    test "rack default session options #{option} exists in session options and is default" do
+      assert_equal(ActionDispatch::Session::AbstractStore::DEFAULT_OPTIONS[option],
+                   @request.session_options[option],
                    "Missing rack session default option #{option} in request.session_options")
     end
-    test "test_rack_default_session_options_#{option}_exists_in_session_options" do
-      assert(@request.session_options.has_key?(option), 
+
+    test "rack default session options #{option} exists in session options" do
+      assert(@request.session_options.has_key?(option),
                    "Missing rack session option #{option} in request.session_options")
     end
   end
-  
+
   def test_session_id_exists_by_default
     assert_not_nil(@request.session_options[:id])
   end
-  
+
   def test_session_id_different_on_each_call
-    prev_id = 
+    prev_id =
     assert_not_equal(@request.session_options[:id], ActionController::TestRequest.new.session_options[:id])
   end
-  
+
 end

actionpack/test/dispatch/session/cookie_store_test.rb

@@ -10,8 +10,7 @@ class CookieStoreTest < ActionController::IntegrationTest
                      :key => SessionKey, :secret => SessionSecret)
 
   Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
-
-  SignedBar = "BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367"
+  SignedBar = Verifier.generate(:foo => "bar", :session_id => ActiveSupport::SecureRandom.hex(16))
 
   class TestController < ActionController::Base
     def no_session_access

actionpack/test/dispatch/session/test_session_test.rb

@@ -2,37 +2,30 @@
 require 'stringio'
 
 class ActionController::TestSessionTest < ActiveSupport::TestCase
-  
   def test_calling_delete_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
     assert_deprecated(/use clear instead/){ ActionController::TestSession.new.delete }
   end
-  
+
   def test_calling_update_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
     assert_deprecated(/use replace instead/){ ActionController::TestSession.new.update }
   end
-  
+
   def test_calling_close_raises_deprecation_warning
     assert_deprecated(/sessions should no longer be closed/){ ActionController::TestSession.new.close }
   end
-  
-  def test_defaults
-    session = ActionController::TestSession.new
-    assert_equal({}, session.data)
-    assert_equal('', session.session_id)
-  end
-  
+
   def test_ctor_allows_setting
     session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
     assert_equal('one', session[:one])
     assert_equal('two', session[:two])
   end
-  
+
   def test_setting_session_item_sets_item
     session = ActionController::TestSession.new
     session[:key] = 'value'
     assert_equal('value', session[:key])
   end
-  
+
   def test_calling_delete_removes_item
     session = ActionController::TestSession.new
     session[:key] = 'value'
@@ -40,13 +33,13 @@ def test_calling_delete_removes_item
     session.delete(:key)
     assert_nil(session[:key])
   end
-  
+
   def test_calling_update_with_params_passes_to_attributes
     session = ActionController::TestSession.new()
     session.update('key' => 'value')
     assert_equal('value', session[:key])
   end
-  
+
   def test_clear_emptys_session
     params = {:one => 'one', :two => 'two'}
     session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
@@ -54,5 +47,4 @@ def test_clear_emptys_session
     assert_nil(session[:one])
     assert_nil(session[:two])
   end
-  
-end
+end