The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.

We want to get rid of the `Live::Response` so we are consolidating methods
from `Live::Response` and `Response` by merging them together.

This adds an `#empty` method to the request so we don't need to
hard-code the empty array each time we call an empty
`ActionDispatch::Request`.

The work here is a continuation on combining controller and integration
test code bases into one.

With changes made in 8363b8 and ae291421 cookies that are mutated on the
request like `cookies.signed = x` were not retained in subsequent tests,
breaking cookie authentiation in controller tests.

The test added demonstrates the issue.

The reason we need to select from non-deleted cookies is because without
checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the
wrong cookies to be updated. The code must check for `@deleted_cookies`
before sending an `#update` with the requests cookie_jar cookies.
This follows how the cookie_jar cookies from the request were updated
before these changes.

Using `assert_predicate` and `assert_match` instead of just `assert` is
preferrable because better error messages are output.

In the case of `assert response.cookies.empty?` the error message was
`Failed assertion, no message given.` but now with `assert_predicate` it
will be `Expected {"user_name"=>"david"} to be empty?.`

For `assert_match(/user_name=david/,
response.headers["Set-Cookie"])` as well, the message returned was
unhelpful - `Failed assertion, no message given.` but now will tell what
was expected and what was returned with `Expected /user_name=david/ to
match "user_name=nope; path=/".`

Some `require 'openssl'` statements were surrounded by `rescue` blocks to deal with Ruby versions that did not support `OpenSSL::Digest::SHA1` or `OpenSSL::PKCS5`.

[As @jeremy explains](https://github.com/rails/rails/commit/a6a0904fcb12b876469c48b1c885aadafe9188cf#commitcomment-8826666) in the original commit:

> If jruby didn't have jruby-openssl gem, the require wouldn't work. Not sure whether either of these are still relevant today.

According to the [release notes for JRuby 1.7.13](http://www.jruby.org/2014/06/24/jruby-1-7-13.html):

> jruby-openssl 0.9.5 bundled

which means the above `rescue` block is not needed anymore.

All the Ruby versions supported by the current version of Rails provide those OpenSSL libraries, so Travis CI should also be happy by removing the `rescue` blocks.

---

Just to confirm, with JRuby:

    $ ruby --version #=> jruby 1.7.16.1 (1.9.3p392) 2014-10-28 4e93f31 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64]
    $ irb
    irb(main):001:0> require 'openssl' #=> true
    irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1
    irb(main):003:0> OpenSSL::PKCS5 # => OpenSSL::PKCS5

And with Ruby 2.1:

    $ ruby --version #=> ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0]
    $ irb
    irb(main):001:0> require 'openssl' #=> true
    irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1
    irb(main):003:0> OpenSSL::PKCS5 #=> OpenSSL::PKCS5

This commit improves performance of cookie tests:

Ruby  |   After  |   Before
----- | --------:| --------:
MRI   |    5.03s |     9.28s
JRuby |   25.45s |  1648.23s

Please note the improvement for JRuby.

Use the Active Support JSON encoder for cookie jars using the `:json` or
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
cookies by defining the `#as_json` hook on such objects.

Fixes #16520.

You can now configure custom digest for cookies in the same way as `serializer`:

  config.action_dispatch.cookies_digest = 'SHA256'

This reverts commit 70597762, reversing
changes made to dde91e9b.

IT BROKE THE BUILD!!!

You can now configure custom digest for cookies in the same way as `serializer`:

config.action_dispatch.cookies_digest = \SHA256'

Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.

In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.

Fixes #14774.

*Godfrey Chan*

Rename allowed options to :marshal and :json, for custom serializers
only allow the use of custom classes.

MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.

There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.

Default :json_serializer was also added to generators to provide secure
defalt.

Allow transparent upgrading of legacy signed cookies to encrypted cookies; Automatically configure cookie-based sessions to use the best cookie jar given the app's config

Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4

Closes #9302

All ActionPack and Railties tests are passing. Closes #8891.

[Carlos Antonio da Silva + Santiago Pastorino]

How to use it?

cookies.encrypted[:discount] = 45
=> Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
cookies.encrypted[:discount]
=> 45