Permalink
Browse files

Merge pull request #9916 from neerajdotname/no-exception-when-cookie-…

…is-tampered-with

nil is retuned if cookie is tampered with [ci skip]
  • Loading branch information...
2 parents 8caafd9 + d36cfa2 commit 3450eff02d9d350a81e79996a5f116a68dffa2c1 @rafaelfranca rafaelfranca committed Mar 25, 2013
Showing with 2 additions and 4 deletions.
  1. +2 −4 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,8 +115,7 @@ def permanent
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
# the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
- # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
- # be raised.
+ # cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#
@@ -142,8 +141,7 @@ def signed_using_old_secret #:nodoc:
end
# Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
- # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
- # will be raised.
+ # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#

0 comments on commit 3450eff

Please sign in to comment.