Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

nil is retuned if cookie is tampered with [ci skip] #9916

Merged
merged 1 commit into from

2 participants

@neerajdotname
Collaborator

No description provided.

@rafaelfranca

@neerajdotname could you improve your commit message? I think it is missing something

@neerajdotname neerajdotname if cookie is tampered with then nil is returned [ci skip]
if the given key is not found then verifier does raise
`ActiveSupport::MessageVerifier::InvalidSignature` exception
but this exception is resuced and finally nil is returned.
d36cfa2
@neerajdotname
Collaborator

@rafaelfranca How does this look ?

neerajdotname@d36cfa2

@rafaelfranca rafaelfranca merged commit 3450eff into rails:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 25, 2013
  1. @neerajdotname

    if cookie is tampered with then nil is returned [ci skip]

    neerajdotname authored
    if the given key is not found then verifier does raise
    `ActiveSupport::MessageVerifier::InvalidSignature` exception
    but this exception is resuced and finally nil is returned.
This page is out of date. Refresh to see the latest.
Showing with 2 additions and 4 deletions.
  1. +2 −4 actionpack/lib/action_dispatch/middleware/cookies.rb
View
6 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,8 +115,7 @@ def permanent
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
# the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
- # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
- # be raised.
+ # cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#
@@ -142,8 +141,7 @@ def signed_using_old_secret #:nodoc:
end
# Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
- # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
- # will be raised.
+ # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#
Something went wrong with that request. Please try again.