Fallback to the legacy id when the new id is not found

rafaelfranca · tenderlove · commit 6a04bbf6b742 · 2019-12-17T09:54:34.000-08:00
This will avoid all session to be invalidated.
diff --git a/lib/rack/session/memcache.rb b/lib/rack/session/memcache.rb
@@ -48,7 +48,7 @@ def generate_sid
 
       def get_session(env, sid)
         with_lock(env) do
-          unless sid and session = @pool.get(sid.private_id)
+          unless sid and session = get_session_with_fallback(sid)
             sid, session = generate_sid, {}
             unless /^STORED/ =~ @pool.add(sid.private_id, session)
               raise "Session collision on '#{sid.inspect}'"
@@ -88,6 +88,11 @@ def with_lock(env)
         @mutex.unlock if @mutex.locked?
       end
 
+      private
+
+      def get_session_with_fallback(sid)
+        @pool.get(sid.private_id) || @pool.get(sid.public_id)
+      end
     end
   end
 end
diff --git a/test/spec_session_memcache.rb b/test/spec_session_memcache.rb
@@ -235,6 +235,24 @@
       ses1.wont_equal ses0
     end
 
+    it "can read the session with the legacy id" do
+      pool = Rack::Session::Memcache.new(incrementor)
+      req = Rack::MockRequest.new(pool)
+
+      res0 = req.get("/")
+      cookie = res0["Set-Cookie"]
+      session_id = Rack::Session::SessionId.new cookie[session_match, 1]
+      ses0 = pool.pool.get(session_id.private_id, true)
+      pool.pool.set(session_id.public_id, ses0, 0, true)
+      pool.pool.delete(session_id.private_id)
+
+
+      res1 = req.get("/", "HTTP_COOKIE" => cookie)
+      res1["Set-Cookie"].must_be_nil
+      res1.body.must_equal '{"counter"=>2}'
+      pool.pool.get(session_id.private_id, true).wont_be_nil
+    end
+
     # anyone know how to do this better?
     it "cleanly merges sessions when multithreaded" do
       skip unless $DEBUG
