Permalink
Browse files

Avoid Rack security warning no secret provided

This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
  • Loading branch information...
1 parent fa3f51f commit cb3181e81e3a0e9d03450c7065fcc226e2e1731c @spastorino spastorino committed Jan 8, 2013
Showing with 2 additions and 0 deletions.
  1. +2 −0 actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -21,6 +21,8 @@ def initialize(const_error)
module Compatibility
def initialize(app, options = {})
options[:key] ||= '_session_id'
+ # FIXME Rack's secret is not being used
+ options[:secret] ||= SecureRandom.hex(30)
super
end

0 comments on commit cb3181e

Please sign in to comment.