lib/action_controller/session/cookie_store.rb in actionpack-2.3.9 vs lib/action_controller/session/cookie_store.rb in actionpack-2.3.10
- old
+ new
@@ -99,11 +99,12 @@
status, headers, body = @app.call(env)
session_data = env[ENV_SESSION_KEY]
options = env[ENV_SESSION_OPTIONS_KEY]
-
- if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after]
+ request = ActionController::Request.new(env)
+
+ if !(options[:secure] && !request.ssl?) && (!session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after])
session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded?
persistent_session_id!(session_data)
session_data = marshal(session_data.to_hash)