With null_session, cookies.signed raises exception #9168

js1888 opened this Issue Feb 4, 2013 · 3 comments

3 participants


In Edge Rails (443be75), using cookies.signed with a null_session raises "TypeError (can't convert nil into String)" at "rails/activesupport/lib/active_support/key_generator.rb:21:in `pbkdf2_hmac_sha1'".

# application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery with: :null_session
  def index
    cookies.signed[:foo] = 'foo'

# routes.rb
Railstest::Application.routes.draw { post '/' => 'application#index' }

$ curl -d mydata http://localhost:3000

I've tried to reproduce your case, but :null_session with signed cookies works just fine for me. I've tried with the following Gemfiles:

source 'https://rubygems.org'
gem 'rails', :git => 'git://github.com/rails/rails.git'
source 'https://rubygems.org'
gem 'rails', :git => 'git://github.com/rails/rails.git', :ref => '443be75'

I just reproduced it with these steps. Here's the response and stack trace. Here's my Gemfile and Gemfile.lock. Anything look wrong or weird with my setup?

@spastorino spastorino closed this in 4127332 Feb 8, 2013
Ruby on Rails member

I've removed the CHANGELOG entry b5645d0 because there's no need to provide that for a feature that was not released yet.
Sorry for making you go back and forth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment