Permalink
Browse files

Avoid Rack security warning no secret provided

This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
  • Loading branch information...
1 parent 8ba3df0 commit 95fe9ef945a35f56fa1c3ef356aec4a3b868937c @spastorino spastorino committed with tenderlove Jan 8, 2013
Showing with 2 additions and 0 deletions.
  1. +2 −0 actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -25,6 +25,8 @@ def destroy
module Compatibility
def initialize(app, options = {})
options[:key] ||= '_session_id'
+ # FIXME Rack's secret is not being used
+ options[:secret] ||= SecureRandom.hex(30)
super
end

0 comments on commit 95fe9ef

Please sign in to comment.