author: Jeremy Kemper <jeremy@bitsweat.net> 2007-02-21 23:13:32 +0000
committer: Jeremy Kemper <jeremy@bitsweat.net> 2007-02-21 23:13:32 +0000
commit: 45dd256889cddd1a1746d122344a966873e03921 (patch)
tree: ce412dd499f3880fea2f6f265431809380b7929a /railties
parent: 25bb98e42daa98c4207ea19bb80525d2b7cf8962 (diff)
Missed commit for [6184]. Generate a random secret for new app's cookie session store.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6197 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'railties')
-rw-r--r-- railties/CHANGELOG 2
-rw-r--r-- railties/helpers/application.rb 7
-rw-r--r-- railties/lib/rails_generator/generators/applications/app/USAGE 2
3 files changed, 8 insertions, 3 deletions
diff --git a/railties/CHANGELOG b/railties/CHANGELOG
index 4b215a089f..e79da5693a 100644
--- a/railties/CHANGELOG
+++ b/railties/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* For new apps, generate a random secret for the cookie-based session store. [Jeremy Kemper]
+
* Stop swallowing errors during rake test [Koz]
* Update Rails Initializer to use ActionController::Base#view_paths [Rick]
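Review bot: The new CHANGELOG entry records the generated secret but not the change of the default cookie name from `_<%= app_name %>_session_id` to `_<%= app_name %>_session` that application.rb makes in this same commit. Add the rename to the entry so both changes are on record.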
diff --git a/railties/helpers/application.rb b/railties/helpers/application.rb
index 3bef7f583e..c901717712 100644
--- a/railties/helpers/application.rb
+++ b/railties/helpers/application.rb
@@ -2,6 +2,9 @@
# Likewise, all the methods added will be available for all controllers.
class ApplicationController < ActionController::Base
- # Pick a unique cookie name to distinguish our session data from others'
- session :session_key => '_<%= app_name %>_session_id'
+ # Pick a unique cookie name to distinguish our session from others.
+ # Session data is stored in a cookie by default, so the data is hashed
+ # with a secret to ensure its integrity.
+ session :session_key => '_<%= app_name %>_session',
+ :secret => '<%= CGI::Session.generate_unique_id(app_name) %>'
end
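Review bot: The `:secret` on the last added line is rendered once at generation time and written as a string literal into application.rb, so it will be checked into version control along with the rest of the app. The added comment says this secret is what protects the integrity of cookie-stored session data, so anyone who can read the file can produce cookies that pass that check. Consider extending the comment to say the value must be kept private and replaced if the source is published, or loading it from a file outside the tracked tree. Two smaller points: `app_name` is also embedded in the cookie name on the line above, so passing it to `generate_unique_id(app_name)` adds nothing unpredictable, and the hunk does not show how that method derives its value, so confirm it draws on a cryptographically secure random source. The comment promises integrity only; it would help to state explicitly whether the session contents are hidden from the client or not.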
diff --git a/railties/lib/rails_generator/generators/applications/app/USAGE b/railties/lib/rails_generator/generators/applications/app/USAGE
index 3bb55113fa..cded9c3061 100644
--- a/railties/lib/rails_generator/generators/applications/app/USAGE
+++ b/railties/lib/rails_generator/generators/applications/app/USAGE
@@ -13,4 +13,4 @@ WARNING:
Your application will expect to find activerecord, actionpack, and
actionmailer directories in the vendor directory. A popular way to track
the bleeding edge of Rails development is to checkout from source control
- directly to the vendor directory. See http://dev.rubyonrails.com
+ directly to the vendor directory. See http://dev.rubyonrails.org/
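Review bot: The URL correction on the last line is unrelated to the session secret and is not mentioned in the commit message or the CHANGELOG entry. It would be easier to track as its own commit, or at least with a line in the message.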