Dup the arguments to string compare so we can use force_encoding.

NZKoz · NZKoz · commit 76e971ecfbb5 · 2009-09-13T10:38:57.000+12:00
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -168,8 +168,8 @@ def clear_old_cookie_value
     if "foo".respond_to?(:force_encoding)
       # constant-time comparison algorithm to prevent timing attacks
       def secure_compare(a, b)
-        a = a.force_encoding(Encoding::BINARY)
-        b = b.force_encoding(Encoding::BINARY)
+        a = a.dup.force_encoding(Encoding::BINARY)
+        b = b.dup.force_encoding(Encoding::BINARY)
     
         if a.length == b.length
           result = 0
