diff options
author | Claudio B <claudiob@inventati.org> | 2017-08-07 20:32:03 -0700 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2017-08-07 22:32:03 -0500 |
commit | af954ddd54e2b720d84bbf781600a4ef30b0c345 (patch) | |
tree | 03aceba16b2b108ce46f3ae4f1a0b4b631fbf6a6 /actioncable/README.md | |
parent | 7c89948c416fbc32b59e33a0ab454545b4f6fed7 (diff) | |
download | rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.gz rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.bz2 rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.zip |
[ci skip] Prefer cookies.encrypted over signed (#30129)
In some examples and guides we are recommending to use code like:
```ruby
verified_user = User.find_by(id: cookies.signed[:user_id])
```
My suggestion is to use instead:
```ruby
verified_user = User.find_by(id: cookies.encrypted[:user_id])
```
which invites users to prefer the "newer" encrypted cookies over the
"legacy" signed cookies.
Diffstat (limited to 'actioncable/README.md')
-rw-r--r-- | actioncable/README.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/actioncable/README.md b/actioncable/README.md index 6946dbefb0..9667403673 100644 --- a/actioncable/README.md +++ b/actioncable/README.md @@ -53,7 +53,7 @@ module ApplicationCable private def find_verified_user - if verified_user = User.find_by(id: cookies.signed[:user_id]) + if verified_user = User.find_by(id: cookies.encrypted[:user_id]) verified_user else reject_unauthorized_connection |