diff options
author | Claudio B <claudiob@inventati.org> | 2017-08-07 20:32:03 -0700 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2017-08-07 22:32:03 -0500 |
commit | af954ddd54e2b720d84bbf781600a4ef30b0c345 (patch) | |
tree | 03aceba16b2b108ce46f3ae4f1a0b4b631fbf6a6 /activesupport/lib | |
parent | 7c89948c416fbc32b59e33a0ab454545b4f6fed7 (diff) | |
download | rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.gz rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.tar.bz2 rails-af954ddd54e2b720d84bbf781600a4ef30b0c345.zip |
[ci skip] Prefer cookies.encrypted over signed (#30129)
In some examples and guides we are recommending to use code like:
```ruby
verified_user = User.find_by(id: cookies.signed[:user_id])
```
My suggestion is to use instead:
```ruby
verified_user = User.find_by(id: cookies.encrypted[:user_id])
```
which invites users to prefer the "newer" encrypted cookies over the
"legacy" signed cookies.
Diffstat (limited to 'activesupport/lib')
-rw-r--r-- | activesupport/lib/active_support/current_attributes.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/current_attributes.rb b/activesupport/lib/active_support/current_attributes.rb index 9ab1546064..4e6d8e4585 100644 --- a/activesupport/lib/active_support/current_attributes.rb +++ b/activesupport/lib/active_support/current_attributes.rb @@ -33,7 +33,7 @@ module ActiveSupport # # private # def authenticate - # if authenticated_user = User.find_by(id: cookies.signed[:user_id]) + # if authenticated_user = User.find_by(id: cookies.encrypted[:user_id]) # Current.user = authenticated_user # else # redirect_to new_session_url |