Fix a force ssl redirection bug that occur when session store disabled.

actionpack/lib/action_controller/metal/force_ssl.rb

@@ -89,7 +89,7 @@ def force_ssl_redirect(host_or_options = nil)
         end
 
         secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash)
+        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
         redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
       end
     end

actionpack/test/controller/force_ssl_test.rb

@@ -92,6 +92,22 @@ def cheeseburger
   end
 end
 
+class RedirectToSSLIfSessionStoreDisabled < ForceSSLController
+  def banana
+    request.class_eval do
+      alias_method :flash_origin, :flash
+      undef_method :flash
+    end
+
+    force_ssl_redirect || render(plain: "monkey")
+  ensure
+    request.class_eval do
+      alias_method :flash, :flash_origin
+      undef_method :flash_origin
+    end
+  end
+end
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
   def test_banana_redirects_to_https
     get :banana
@@ -321,6 +337,14 @@ def test_cheeseburgers_does_not_redirect_if_already_https
   end
 end
 
+class RedirectToSSLIfSessionStoreDisabledTest < ActionController::TestCase
+  def test_banana_redirects_to_https_if_not_https_and_session_store_disabled
+    get :banana
+    assert_response 301
+    assert_equal "https://test.host/redirect_to_ssl_if_session_store_disabled/banana", redirect_to_url
+  end
+end
+
 class ForceSSLControllerLevelTest < ActionController::TestCase
   def test_no_redirect_websocket_ssl_request
     request.env["rack.url_scheme"] = "wss"