Permalink
Browse files

fixed initializing session secret (for signing cookies) at the first …

…start (bnc#792632)
  • Loading branch information...
1 parent bfe2683 commit 5957f69890c33ce92bc357b35146739503a8364c @lslezak lslezak committed Dec 5, 2012
@@ -16,18 +16,5 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#++
-
-# config.action_controller.session = {
-# :key => '_yast-api_session',
-# # It is overwritten during install time (bnc#550635), do not change key # RORSCAN_INL
-# :secret => '9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1'
-# }
-
Webyast::Application.config.session_store :cookie_store, :key=> '_webyast_session'
-#Rails.application.config.cookie_secret = '9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1'
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Webyast::Application.config.session_store :active_record_store
@@ -207,7 +207,7 @@ case "$1" in
rc_status -v
rc_exit
fi
- sed -i 's/9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1/'"$SECRET"/ /srv/www/webyast/config/environment.rb
+ sed -i 's/a25bdf1cfcaea649ced4549e9d2b2b6ad4cf077badc774ca034a7ba57ae17f6e1185ed07bcc4ac20fb2d062d2afa975024fca03ede7b4c5002ca68386caa27a0/'"$SECRET"/ /srv/www/webyast/config/initializers/secret_token.rb
# clear cache (drop possibly obsoleted values)
(cd /srv/www/webyast/ && rake -s tmp:cache:clear)
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Wed Dec 5 12:59:11 UTC 2012 - lslezak@suse.cz
+
+- fixed initializing session secret (for signing cookies) at the
+ first start (bnc#792632)
+
+-------------------------------------------------------------------
Wed Nov 28 17:46:21 UTC 2012 - lslezak@suse.cz
- control panel - logout after 2 hours timeout (bnc#789742)
@@ -514,7 +514,7 @@ fi
%config /etc/sysconfig/SuSEfirewall2.d/services/webyast
%config /usr/share/%{webyast_polkit_dir}/org.opensuse.yast.permissions.policy
-%config %{webyast_dir}/config/environment.rb
+%config %{webyast_dir}/config/initializers/secret_token.rb
%config(noreplace) /etc/yast_user_roles
%config %{_sysconfdir}/init.d/%{webyast_service}
%{_sbindir}/rc%{webyast_service}

0 comments on commit 5957f69

Please sign in to comment.