Permalink
Browse files

use secure random

  • Loading branch information...
1 parent 888ef0e commit 7d238c93649bb2f6fadcd6efe011ddba942c380f @rkh rkh committed May 4, 2011
Showing with 4 additions and 1 deletion.
  1. +2 −0 CHANGES
  2. +2 −1 lib/sinatra/base.rb
View
@@ -29,6 +29,8 @@
* Added `request.accept?` and `request.preferred_type` to ease dealing with
`Accept` headers. (Konstantin Haase)
+ * Uses SecureRandom to generate default session secret. (Konstantin Haase)
+
= 1.2.6 / 2011-05-01
* Fix broken delegation, backport delegation tests from Sinatra 1.3.
View
@@ -4,6 +4,7 @@
require 'sinatra/rack'
require 'sinatra/showexceptions'
require 'tilt'
+require 'securerandom'
module Sinatra
VERSION = '1.3.0'
@@ -1394,7 +1395,7 @@ def self.force_encoding(data, *) data end
set :add_charset, [/^text\//, 'application/javascript', 'application/xml', 'application/xhtml+xml']
# explicitly generating this eagerly to play nice with preforking
- set :session_secret, '%x' % rand(2**255)
+ set :session_secret, '%x' % SecureRandom.random_number(2**255)
class << self
alias_method :methodoverride?, :method_override?

0 comments on commit 7d238c9

Please sign in to comment.