Skip to content
Browse files

if cookie is tampered with then nil is returned [ci skip]

if the given key is not found then verifier does raise
`ActiveSupport::MessageVerifier::InvalidSignature` exception
but this exception is resuced and finally nil is returned.
  • Loading branch information...
1 parent 8caafd9 commit d36cfa2231dba9ebf3bc6900b136b205c4b51af1 @neerajdotname neerajdotname committed
Showing with 2 additions and 4 deletions.
  1. +2 −4 actionpack/lib/action_dispatch/middleware/cookies.rb
View
6 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,8 +115,7 @@ def permanent
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
# the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
- # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
- # be raised.
+ # cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#
@@ -142,8 +141,7 @@ def signed_using_old_secret #:nodoc:
end
# Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
- # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
- # will be raised.
+ # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#

0 comments on commit d36cfa2

Please sign in to comment.
Something went wrong with that request. Please try again.