Avoid Rack security warning no secret provided

This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
author: Santiago Pastorino <santiago@wyeworks.com> 2013-01-08 00:25:24 -0200
committer: Santiago Pastorino <santiago@wyeworks.com> 2013-01-08 00:33:16 -0200
commit: cb3181e81e3a0e9d03450c7065fcc226e2e1731c (patch)
tree: bca9a2b08076385f2014b24dc3c06046a4e4f0f4 /actionpack/lib/action_dispatch/middleware/session
parent: fa3f51f734d968b9db91c0311fbd4a367ae02f5f (diff)
download: rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.tar.gz
rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.tar.bz2
rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index 7c12590c49..6fb16bdfe9 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -21,6 +21,8 @@ module ActionDispatch
     module Compatibility
       def initialize(app, options = {})
         options[:key] ||= '_session_id'
+        # FIXME Rack's secret is not being used
+        options[:secret] ||= SecureRandom.hex(30)
         super
       end
author	Santiago Pastorino <santiago@wyeworks.com>	2013-01-08 00:25:24 -0200
committer	Santiago Pastorino <santiago@wyeworks.com>	2013-01-08 00:33:16 -0200
commit	cb3181e81e3a0e9d03450c7065fcc226e2e1731c (patch)
tree	bca9a2b08076385f2014b24dc3c06046a4e4f0f4 /actionpack/lib/action_dispatch/middleware/session
parent	fa3f51f734d968b9db91c0311fbd4a367ae02f5f (diff)
download	rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.tar.gz rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.tar.bz2 rails-cb3181e81e3a0e9d03450c7065fcc226e2e1731c.zip