Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.

1 files changed, 2 insertions, 2 deletions

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index afa7674e40..f1355a83a3 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -165,7 +165,7 @@ module ActionController
 
         # Authenticate with HTTP Digest, returns true or false
         def authenticate_with_http_digest(realm = "Application", &password_procedure)
-          HttpAuthentication::Digest.authenticate(config.session_options[:secret], request, realm, &password_procedure)
+          HttpAuthentication::Digest.authenticate(config.secret, request, realm, &password_procedure)
         end
 
         # Render output including the HTTP Digest authentication header
@@ -238,7 +238,7 @@ module ActionController
       end
 
       def authentication_header(controller, realm)
-        secret_key = controller.config.session_options[:secret]
+        secret_key = controller.config.secret
         nonce = self.nonce(secret_key)
         opaque = opaque(secret_key)
         controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}")