Avoid Rack security warning no secret provided

This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
author: Santiago Pastorino <santiago@wyeworks.com> 2013-01-08 00:25:24 -0200
committer: Aaron Patterson <aaron.patterson@gmail.com> 2013-01-08 09:08:05 -0800
commit: 95fe9ef945a35f56fa1c3ef356aec4a3b868937c (patch)
tree: 673da4041bd7171d7b90b6dbd9203aeec226e79d /actionpack
parent: 8ba3df046f977dddd4bc46248db2a1355bc0ed1e (diff)
download: rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.tar.gz
rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.tar.bz2
rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index c04fee21dc..cb6d98f09a 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -25,6 +25,8 @@ module ActionDispatch
     module Compatibility
       def initialize(app, options = {})
         options[:key] ||= '_session_id'
+        # FIXME Rack's secret is not being used
+        options[:secret] ||= SecureRandom.hex(30)
         super
       end
author	Santiago Pastorino <santiago@wyeworks.com>	2013-01-08 00:25:24 -0200
committer	Aaron Patterson <aaron.patterson@gmail.com>	2013-01-08 09:08:05 -0800
commit	95fe9ef945a35f56fa1c3ef356aec4a3b868937c (patch)
tree	673da4041bd7171d7b90b6dbd9203aeec226e79d /actionpack
parent	8ba3df046f977dddd4bc46248db2a1355bc0ed1e (diff)
download	rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.tar.gz rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.tar.bz2 rails-95fe9ef945a35f56fa1c3ef356aec4a3b868937c.zip