Missed commit for [6184]. Generate a random secret for new app's cookie session store.

git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
1 parent 25bb98e commit 45dd256889cddd1a1746d122344a966873e03921 @jeremy jeremy committed Feb 21, 2007
2 railties/CHANGELOG
@@ -1,5 +1,7 @@
+* For new apps, generate a random secret for the cookie-based session store. [Jeremy Kemper]
* Stop swallowing errors during rake test [Koz]
* Update Rails Initializer to use ActionController::Base#view_paths [Rick]
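Review bot: The new CHANGELOG entry covers the generated secret but not the cookie name change made in the same commit, where the template's `:session_key` goes from `'_<%= app_name %>_session_id'` to `'_<%= app_name %>_session'`. Consider mentioning the rename in the entry so that anyone comparing generated apps knows it was intentional.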
7 railties/helpers/application.rb
@@ -2,6 +2,9 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
- # Pick a unique cookie name to distinguish our session data from others'
- session :session_key => '_<%= app_name %>_session_id'
+ # Pick a unique cookie name to distinguish our session from others.
+ # Session data is stored in a cookie by default, so the data is hashed
+ # with a secret to ensure its integrity.
+ session :session_key => '_<%= app_name %>_session',
+ :secret => '<%= CGI::Session.generate_unique_id(app_name) %>'
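Review bot: On the `:secret` line, the value comes from `CGI::Session.generate_unique_id(app_name)`, and nothing in this hunk shows what that helper mixes in besides the app name, which is guessable. This secret is the only thing that keeps a client from forging its session cookie, so please confirm the helper draws on a cryptographically strong random source, or generate the secret from one directly. The secret is also written as a literal into application.rb, a file that normally ends up in source control, so the template comment should tell the user to keep it private and to replace it if the file is ever published. The comment promises integrity only; since a hash does not hide the data from the client, it would help to add that sensitive values should stay out of the session.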
2 railties/lib/rails_generator/generators/applications/app/USAGE
@@ -13,4 +13,4 @@ WARNING:
Your application will expect to find activerecord, actionpack, and
actionmailer directories in the vendor directory. A popular way to track
the bleeding edge of Rails development is to checkout from source control
- directly to the vendor directory. See
+ directly to the vendor directory. See
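Review bot: The removed and added lines in this USAGE hunk read identically as shown, so this looks like a whitespace-only change unrelated to the session secret. Consider moving it to its own commit so the security-relevant change stays easy to audit.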

