Merged pull request #198 from robdimarco/2-3-stable.

Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash 

actionpack/lib/action_controller/request.rb

@@ -446,7 +446,9 @@ def session=(session) #:nodoc:
     end
 
     def reset_session
-      session.destroy if session
+      # session may be a hash, if so, we do not want to call destroy
+      # fixes issue 6440
+      session.destroy if session and session.respond_to?(:destroy)
       self.session = {}
     end
 

actionpack/test/controller/session/cookie_store_test.rb

@@ -42,6 +42,12 @@ def call_session_clear
       head :ok
     end
 
+    def call_reset_session_twice
+      reset_session
+      reset_session
+      head :ok
+    end
+
     def call_reset_session
       reset_session
       head :ok
@@ -190,6 +196,44 @@ def test_doesnt_write_session_cookie_if_session_is_unchanged
     end
   end
 
+  def test_calling_session_reset_twice
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      session_payload = response.body
+      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
+        headers['Set-Cookie']
+
+      get '/call_reset_session_twice'
+      assert_response :success
+      assert_not_equal "", headers['Set-Cookie']
+      assert_not_equal session_payload, cookies[SessionKey]
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+    end
+  end
+
+  def test_setting_session_value_after_session_reset
+    with_test_route_set do
+      get '/set_session_value'
+      assert_response :success
+      session_payload = response.body
+      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
+        headers['Set-Cookie']
+
+      get '/call_reset_session'
+      assert_response :success
+      assert_not_equal "", headers['Set-Cookie']
+      assert_not_equal session_payload, cookies[SessionKey]
+
+      get '/get_session_value'
+      assert_response :success
+      assert_equal 'foo: nil', response.body
+    end
+  end
+
   def test_setting_session_value_after_session_reset
     with_test_route_set do
       get '/set_session_value'