Reset session on login/logout (#4248).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81

Reset session on login/logout (#4248).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3080 e93f8b46-1217-0410-a6f0-8f06a7374b81
0485d3a5 · Jean-Philippe Lang · 4e3202d2 · 0485d3a5 · 0485d3a5
Commit 0485d3a5 authored Nov 21, 2009 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

application_controller.rb app/controllers/application_controller.rb +1 -1

account_test.rb test/integration/account_test.rb +18 -0

No files found.
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -61,12 +61,12 @@ class ApplicationController < ActionController::Base
  
  # Sets the logged in user
  def logged_user=(user)
+    reset_session
    if user && user.is_a?(User)
      User.current = user
      session[:user_id] = user.id
    else
      User.current = User.anonymous
-      session[:user_id] = nil
    end
  end
  

--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -182,6 +182,24 @@ class AccountTest < ActionController::IntegrationTest
    assert user.hashed_password.blank?
  end
  
+  def test_login_and_logout_should_clear_session
+    get '/login'
+    sid = session[:session_id]
+    
+    post '/login', :username => 'admin', :password => 'admin'
+    assert_redirected_to 'my/page'
+    assert_not_equal sid, session[:session_id], "login should reset session"
+    assert_equal 1, session[:user_id]
+    sid = session[:session_id]
+    
+    get '/'
+    assert_equal sid, session[:session_id]
+      
+    get '/logout'
+    assert_not_equal sid, session[:session_id], "logout should reset session"
+    assert_nil session[:user_id]
+  end
+  
  else
    puts 'Mocha is missing. Skipping tests.'
  end