From 810a88a156b9a3ee6a0ae3c0f66cd1a21d3d66aa Mon Sep 17 00:00:00 2001
From: Mohamed Emad <73320969+Hulxv@users.noreply.github.com>
Date: Sun, 24 Jul 2022 16:27:25 +0200
Subject: [PATCH] fix: bad interaction between session state changes and
 renewal (#265)

---
 actix-session/CHANGES.md       |  2 ++
 actix-session/src/session.rs   | 12 +++++++---
 actix-session/tests/session.rs | 40 ++++++++++++++++++++++++++++++++++
 3 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/actix-session/CHANGES.md b/actix-session/CHANGES.md
index b1ea34be1..9df2849fe 100644
--- a/actix-session/CHANGES.md
+++ b/actix-session/CHANGES.md
@@ -1,7 +1,9 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+- Fix bad interaction between session state changes and renewal. [#265]
 
+[#265]: https://github.com/actix/actix-extras/pull/265
 
 ## 0.7.0 - 2022-07-09
 - Added `TtlExtensionPolicy` enum to support different strategies for extending the TTL attached to the session state. `TtlExtensionPolicy::OnEveryRequest` now allows for long-lived sessions that do not expire if the user remains active. [#233]
diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs
index 219cdde95..145fc189b 100644
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
@@ -128,7 +128,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
 
             let key = key.into();
             let val = serde_json::to_string(&value)
@@ -155,7 +157,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
             return inner.state.remove(key);
         }
 
@@ -187,7 +191,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
             inner.state.clear()
         }
     }
diff --git a/actix-session/tests/session.rs b/actix-session/tests/session.rs
index 720749ad1..32d24a4b6 100644
--- a/actix-session/tests/session.rs
+++ b/actix-session/tests/session.rs
@@ -68,3 +68,43 @@ async fn session_entries() {
     map.contains_key("test_str");
     map.contains_key("test_num");
 }
+#[actix_web::test]
+async fn insert_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.insert("test_val", "val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+
+    session.insert("test_val1", "val1").unwrap();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}
+#[actix_web::test]
+async fn remove_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.insert("test_val", "val").unwrap();
+    session.remove("test_val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    session.insert("test_val", "val").unwrap();
+    session.remove("test_val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}
+
+#[actix_web::test]
+async fn clear_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.clear();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+
+    session.clear();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}