choonkeat/gist:78819

## gistfile1.rb
# This controller illustrates the problem of Rails sending "Set-Cookie" back to the client
# when cookie-store is being used -- even when session data has NOT changed.

class HomeController < ApplicationController
  def index
    %w[one two three four five six].each do |word|
      session[word] = word
    end
    render :text => "<a href='#{url_for(:action => 'show')}'>click here</a>"
  end

  def reset
    session.delete
    redirect_to :action => 'index'
  end

  # 1. Click on "reload page" repeatedly.
  # 2. Notice no session data is modified, but the cookie keeps changing
  # 2. Whenever it changes, a "Set-Cookie" response header will be sent to browser
  # 3. This is not good for caching facility like Varnish
  # See next comment block for a fix
  def show
    render :text => "<a href='#{url_for()}'>reload page</a> | <a href='#{url_for(:action => 'reset')}'>reset</a><br />" +
                    CGI.escapeHTML(session.instance_variable_get('@data').inspect) + "<br />" +
                    CGI.escapeHTML(request.cookies.inspect)
  end
end

# The Fix: use an ordered hash instead.
# 1. Uncomment the code below
# 2. Restart your server & reset the cookies
# 3. Repeated clicks on "reload page" should yield the same cookie string henceforth
#
# CGI::Session::CookieStore.class_eval do
#   def restore
#     @original = read_cookie
#     # Commented off faulty code in action_controller/session/cookie_store.rb
#     # @data = unmarshal(@original) || {}
#     @data = unmarshal(@original) || ActiveSupport::OrderedHash.new
#   end
# end
	# This controller illustrates the problem of Rails sending "Set-Cookie" back to the client
	# when cookie-store is being used -- even when session data has NOT changed.

	class HomeController < ApplicationController
	def index
	%w[one two three four five six].each do \|word\|
	session[word] = word
	end
	render :text => "<a href='#{url_for(:action => 'show')}'>click here</a>"
	end

	def reset
	session.delete
	redirect_to :action => 'index'
	end

	# 1. Click on "reload page" repeatedly.
	# 2. Notice no session data is modified, but the cookie keeps changing
	# 2. Whenever it changes, a "Set-Cookie" response header will be sent to browser
	# 3. This is not good for caching facility like Varnish
	# See next comment block for a fix
	def show
	render :text => "<a href='#{url_for()}'>reload page</a> \| <a href='#{url_for(:action => 'reset')}'>reset</a><br />" +
	CGI.escapeHTML(session.instance_variable_get('@data').inspect) + "<br />" +
	CGI.escapeHTML(request.cookies.inspect)
	end
	end

	# The Fix: use an ordered hash instead.
	# 1. Uncomment the code below
	# 2. Restart your server & reset the cookies
	# 3. Repeated clicks on "reload page" should yield the same cookie string henceforth
	#
	# CGI::Session::CookieStore.class_eval do
	# def restore
	# @original = read_cookie
	# # Commented off faulty code in action_controller/session/cookie_store.rb
	# # @data = unmarshal(@original) \|\| {}
	# @data = unmarshal(@original) \|\| ActiveSupport::OrderedHash.new
	# end
	# end