mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-25 04:34:04 +08:00
31306d5f71
By default, Rack/Rails will include the session cookie in every response, even if its content hasn't changed. This makes race conditions very likely when multiple requests are made in parallel.
16 lines
556 B
Ruby
Vendored
16 lines
556 B
Ruby
Vendored
# frozen_string_literal: true
|
|
|
|
describe ActionDispatch::Session::DiscourseCookieStore, type: :request do
|
|
it "only writes session cookie when changed" do
|
|
get "/session/csrf.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.cookies["_forum_session"]).to be_present
|
|
csrf_token = session[:_csrf_token]
|
|
expect(csrf_token).to be_present
|
|
|
|
get "/session/csrf.json"
|
|
expect(response.status).to eq(200)
|
|
expect(response.cookies["_forum_session"]).not_to be_present
|
|
expect(session[:_csrf_token]).to eq(csrf_token)
|
|
end
|
|
end
|
