Merge pull request #9916 from neerajdotname/no-exception-when-cookie-is-tampered-with

nil is retuned if cookie is tampered with [ci skip]

1 files changed, 2 insertions, 4 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 968a6c539e..f21d1d4ee5 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,8 +115,7 @@ module ActionDispatch
 
       # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
       # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
-      # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
-      # be raised.
+      # cookie was tampered with by the user (or a 3rd party), nil will be returned.
       #
       # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
       #
@@ -142,8 +141,7 @@ module ActionDispatch
       end
 
       # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
-      # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
-      # will be raised.
+      # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
       #
       # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
       #