diff options
| author | Claudio B <claudiob@inventati.org> | 2017-08-07 20:32:03 -0700 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2017-08-07 22:32:03 -0500 |
| commit | af954ddd54e2b720d84bbf781600a4ef30b0c345 (patch) | |
| tree | 03aceba16b2b108ce46f3ae4f1a0b4b631fbf6a6 /actioncable | |
| parent | 7c89948c416fbc32b59e33a0ab454545b4f6fed7 (diff) | |
| download | rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.gz rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.bz2 rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.zip | |
[ci skip] Prefer cookies.encrypted over signed (#30129)
In some examples and guides we are recommending to use code like:
```ruby
verified_user = User.find_by(id: cookies.signed[:user_id])
```
My suggestion is to use instead:
```ruby
verified_user = User.find_by(id: cookies.encrypted[:user_id])
```
which invites users to prefer the "newer" encrypted cookies over the
"legacy" signed cookies.
Diffstat (limited to 'actioncable')
| -rw-r--r-- | actioncable/README.md | 2 | ||||
| -rw-r--r-- | actioncable/lib/action_cable/connection/base.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/actioncable/README.md b/actioncable/README.md index 6946dbefb0..9667403673 100644 --- a/actioncable/README.md +++ b/actioncable/README.md @@ -53,7 +53,7 @@ module ApplicationCable private def find_verified_user - if verified_user = User.find_by(id: cookies.signed[:user_id]) + if verified_user = User.find_by(id: cookies.encrypted[:user_id]) verified_user else reject_unauthorized_connection diff --git a/actioncable/lib/action_cable/connection/base.rb b/actioncable/lib/action_cable/connection/base.rb index 8dbafe5105..84053db9fd 100644 --- a/actioncable/lib/action_cable/connection/base.rb +++ b/actioncable/lib/action_cable/connection/base.rb @@ -26,7 +26,7 @@ module ActionCable # # private # def find_verified_user - # User.find_by_identity(cookies.signed[:identity_id]) || + # User.find_by_identity(cookies.encrypted[:identity_id]) || # reject_unauthorized_connection # end # end |