aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Eilertsen <haraldei@anduin.net>2018-04-17 08:47:59 +0200
committerHarald Eilertsen <haraldei@anduin.net>2018-04-17 08:47:59 +0200
commitcd9b8edfe23a9cc857767f54f753aeb950c95033 (patch)
tree30802b1ae2a8a33e892af1e3545730c84006a352
parent07e9b02a36b12762210062afef15632b3a7564e2 (diff)
downloadhmnoweb-cd9b8edfe23a9cc857767f54f753aeb950c95033.tar.gz
hmnoweb-cd9b8edfe23a9cc857767f54f753aeb950c95033.tar.bz2
hmnoweb-cd9b8edfe23a9cc857767f54f753aeb950c95033.zip
Temporarily revert back to cookie based sessions.
This also reverts the patch making data and session_id mass assignable in the session database table. It had no effect.
-rw-r--r--config/initializers/session_store.rb10
1 files changed, 5 insertions, 5 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 7e1f190..0f87762 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -3,9 +3,9 @@
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rails generate session_migration")
-BetaWebApp::Application.config.session_store :active_record_store
+# BetaWebApp::Application.config.session_store :active_record_store
-# Make the data and session_id columns mass-assignable,
-# hopefully fends off nasty session bugs,
-# source: https://github.com/rails/activerecord-session_store/issues/6#issuecomment-26214581
-ActiveRecord::SessionStore::Session.attr_accessible :data, :session_id
+
+# Temporarily revert to cookie based sessions
+# Cookie is signed, but not encrypted in Rails 3.x
+BetaWebApp::Application.config.session_store :cookie_store