Permalink
Browse files

Avoid Rack security warning no secret provided

This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
  • Loading branch information...
1 parent f1e977c commit 4d5f950ee381b571efa2b6f1dffc4a3f0b1f60a7 @spastorino spastorino committed Jan 8, 2013
Showing with 2 additions and 0 deletions.
  1. +2 −0 actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -25,6 +25,8 @@ def destroy
module Compatibility
def initialize(app, options = {})
options[:key] ||= '_session_id'
+ # FIXME Rack's secret is not being used
+ options[:secret] ||= SecureRandom.hex(30)
super
end

0 comments on commit 4d5f950

Please sign in to comment.