aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorNeeraj Singh <neerajdotname@gmail.com>2013-03-25 09:40:57 -0400
committerNeeraj Singh <neerajdotname@gmail.com>2013-03-25 11:02:38 -0400
commitd36cfa2231dba9ebf3bc6900b136b205c4b51af1 (patch)
tree840a110b60be54a9c786f1398ef1c6393e9b7fe5 /actionpack
parent8caafd9076c565a30bbab16959ba018545e12a00 (diff)
downloadrails-d36cfa2231dba9ebf3bc6900b136b205c4b51af1.tar.gz
rails-d36cfa2231dba9ebf3bc6900b136b205c4b51af1.tar.bz2
rails-d36cfa2231dba9ebf3bc6900b136b205c4b51af1.zip
if cookie is tampered with then nil is returned [ci skip]
if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb6
1 files changed, 2 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 968a6c539e..f21d1d4ee5 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -115,8 +115,7 @@ module ActionDispatch
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
# the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
- # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
- # be raised.
+ # cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#
@@ -142,8 +141,7 @@ module ActionDispatch
end
# Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
- # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
- # will be raised.
+ # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
#
# This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
#