From cd9b8edfe23a9cc857767f54f753aeb950c95033 Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Tue, 17 Apr 2018 08:47:59 +0200 Subject: Temporarily revert back to cookie based sessions. This also reverts the patch making data and session_id mass assignable in the session database table. It had no effect. --- config/initializers/session_store.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 7e1f190..0f87762 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -3,9 +3,9 @@ # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information # (create the session table with "rails generate session_migration") -BetaWebApp::Application.config.session_store :active_record_store +# BetaWebApp::Application.config.session_store :active_record_store -# Make the data and session_id columns mass-assignable, -# hopefully fends off nasty session bugs, -# source: https://github.com/rails/activerecord-session_store/issues/6#issuecomment-26214581 -ActiveRecord::SessionStore::Session.attr_accessible :data, :session_id + +# Temporarily revert to cookie based sessions +# Cookie is signed, but not encrypted in Rails 3.x +BetaWebApp::Application.config.session_store :cookie_store -- cgit v1.2.3
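Review bot: The added `BetaWebApp::Application.config.session_store :cookie_store` line puts session data in a cookie that the new comment itself describes as signed but not encrypted in Rails 3.x, while the unchanged header comment in the same hunk still reads "Use the database for sessions instead of the cookie-based default" and warns that the cookie store "shouldn't be used to store highly confidential information". Please update that header comment so it matches the store that is actually active, and state in the comment what may be kept in the session while this revert is in effect, since anything stored there is readable by the client. "Temporarily" has no issue reference or condition for switching back, so the commented-out `:active_record_store` line could stay that way indefinitely; a link to a tracking issue would help. The `:cookie_store` call also passes no `:key` option, so consider setting the cookie name explicitly.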