Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


test showing that the :digest option to CookieStore does absolutely nothing anymore #8513

wants to merge 1 commit into from

5 participants


Seems this was broken 3 years ago and no one noticed?


Not sure how best to go about fixing it - if anyone cares? This (:digest) was a good idea, but either no one is using it or has no idea it broke - since it would be a very silent failure.


How would you go about fixing this without hard coding rack.sessions.options into the rails Cookies class?


Huh, hopefully this gets reviewed before Rails 4.0


I believe this is fixed in Master, can someone confirm?


@chancancode can you determine the status of this issue and merge / close accordingly?


Should be as simple and running the test suite and seeing if the test still fails.

@chancancode chancancode self-assigned this

@yyyc514 you are absolutely right, this has been broken since 3.0 by mistake. We should have deprecated the option back then. But since has been so long, and like you said I doubt anyone is using it, and considering how much code we will need to bring back to support this, we should just fix the doc and move on.

If someone is actually looking for a fix for this, I suppose I can help them write a gem that brings this back. Basically you'll just create a new store that uses the cookie store code before 25f7c03...


Works for me I guess. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Dec 14, 2012
  1. @yyyc514
This page is out of date. Refresh to see the latest.
Showing with 13 additions and 1 deletion.
  1. +13 −1 actionpack/test/dispatch/session/cookie_store_test.rb
14 actionpack/test/dispatch/session/cookie_store_test.rb
@@ -11,6 +11,9 @@ class CookieStoreTest < ActionDispatch::IntegrationTest
Verifier =, :digest => 'SHA1')
SignedBar = Verifier.generate(:foo => "bar", :session_id => SecureRandom.hex(16))
+ VerifierMD5 =, :digest => 'MD5')
+ SignedBarMD5 = VerifierMD5.generate(:foo => "bar", :session_id => SecureRandom.hex(16))
class TestController < ActionController::Base
def no_session_access
head :ok
@@ -72,6 +75,15 @@ def test_setting_session_value
+ def test_digest_can_be_changed
+ with_test_route_set(:digest => "MD5") do
+ cookies[SessionKey] = SignedBarMD5
+ get '/get_session_value'
+ assert_response :success
+ assert_equal 'foo: "bar"', response.body
+ end
+ end
def test_getting_session_value
with_test_route_set do
@@ -95,7 +107,7 @@ def test_getting_session_id
assert_equal "id: #{session_id}", response.body, "should be able to read session id without accessing the session hash"
def test_disregards_tampered_sessions
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
Something went wrong with that request. Please try again.