Permalink
Browse files

Disallow ability to use EncryptedCookieJar with DummyKeyGenerator

Developers must set config.secret_key_base in
config/initializers/secret_token.rb
  • Loading branch information...
1 parent 4faa041 commit d63783983f8c03d5c624938081615579dcc753f7 @spastorino spastorino committed Nov 2, 2012
Showing with 5 additions and 0 deletions.
  1. +5 −0 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -347,6 +347,11 @@ def method_missing(method, *arguments, &block)
class EncryptedCookieJar < SignedCookieJar #:nodoc:
def initialize(parent_jar, key_generator, options = {})
+ if ActiveSupport::DummyKeyGenerator === key_generator
+ raise "Encrypted Cookies must be used in conjunction with config.secret_key_base." +
+ "Set config.secret_key_base in config/initializers/secret_token.rb"
+ end
+
@parent_jar = parent_jar
@options = options
secret = key_generator.generate_key(@options[:encrypted_cookie_salt])

0 comments on commit d637839

Please sign in to comment.