A Rails 2.3.9 app with Active Record or Memcache session store will never
send the session ID cookie to a client if the client doesn't send any HTTP
cookies in its requests. Rails integration tests didn't catch this because
they always send the HTTP_COOKIE header, even if it's empty.

This is a huge bug, as it can break keeping sessions on sites which don't
set any additional cookies for their visitors. Visitors without existing
cookies will not be able to log in, for example (this is how I discovered
the bug).

The Lighthouse ticket and fix are here:
<https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/5581-session-cookie-not-sent-with-activerecord-or-memcache-store-in-rails-239>

An unobtrusive monkeypatch for existing apps can also be found on the
ticket.

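A regression check for the gap described in the message above, as an added example that is not part of the original post or of Rails: it sends one request with an empty Cookie header (what the integration tests did) and one with no Cookie header at all (a first-time visitor), and reports whether a session cookie comes back. The two lambda apps, the `_session_id` key, the cookie value and the host name are constructed stand-ins; `SYMPTOM_APP` mimics only the reported symptom, not Rails' actual code path.

```ruby
# Added illustration: minimal Rack-style apps (plain lambdas, no gems needed).
SESSION_COOKIE = '_session_id=constructed123; path=/; HttpOnly' # constructed value

# Constructed stand-in that mimics only the symptom from the report:
# no Set-Cookie unless the request env carries an HTTP_COOKIE key at all.
SYMPTOM_APP = lambda do |env|
  headers = { 'Content-Type' => 'text/plain' }
  headers['Set-Cookie'] = SESSION_COOKIE if env.key?('HTTP_COOKIE')
  [200, headers, ['ok']]
end

# Expected behaviour: a new session always gets its cookie.
EXPECTED_APP = lambda do |_env|
  [200, { 'Content-Type' => 'text/plain', 'Set-Cookie' => SESSION_COOKIE }, ['ok']]
end

# Build a bare Rack-like env. cookie_header nil means the key is absent,
# as with a first-time visitor; '' mimics what the integration tests sent.
def build_env(path, cookie_header)
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path,
          'SERVER_NAME' => 'example.test', 'SERVER_PORT' => '80' }
  env['HTTP_COOKIE'] = cookie_header unless cookie_header.nil?
  env
end

# True when the response sets a cookie with the given session key.
def session_cookie_issued?(app, cookie_header, key = '_session_id')
  _status, headers, _body = app.call(build_env('/login', cookie_header))
  set_cookie = headers.find { |name, _| name.downcase == 'set-cookie' }
  return false unless set_cookie

  Array(set_cookie[1]).join("\n").split("\n").any? { |c| c.start_with?("#{key}=") }
end

# Run both request shapes; a regression suite should assert on :no_cookie_header.
def check(app)
  { empty_cookie_header: session_cookie_issued?(app, ''),
    no_cookie_header: session_cookie_issued?(app, nil) }
end

if __FILE__ == $PROGRAM_NAME
  puts "symptom app:  #{check(SYMPTOM_APP)}"
  puts "expected app: #{check(EXPECTED_APP)}"
end
```

Pointing `check` at a real Rack application object instead of the stand-ins gives the same two-case result for an existing app.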