aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--actionpack/CHANGELOG2
-rw-r--r--actionpack/lib/action_controller/session/cookie_store.rb7
-rwxr-xr-xactionpack/test/controller/session/cookie_store_test.rb6
3 files changed, 14 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 359e53d198..59aba334b5 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Cookie session store: raise ArgumentError when :session_key is blank. [Jeremy Kemper]
+
* Deprecation: remove deprecated request, redirect, and dependency methods. Remove deprecated instance variables. Remove deprecated url_for(:symbol, *args) and redirect_to(:symbol, *args) in favor of named routes. Remove uses_component_template_root for toplevel components directory. Privatize deprecated render_partial and render_partial_collection view methods. Remove deprecated link_to_image, link_image_to, update_element_function, start_form_tag, and end_form_tag helper methods. Remove deprecated human_size helper alias. [Jeremy Kemper]
* Consistent public/protected/private visibility for chained methods. #7813 [Dan Manges]
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index fe2d96e17d..7f0afbd4b0 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -44,9 +44,14 @@ class CGI::Session::CookieStore
# Called from CGI::Session only.
def initialize(session, options = {})
+ # The session_key option is required.
+ if options['session_key'].blank?
+ raise ArgumentError, 'A session_key is required to write a cookie containing the session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
+ end
+
# The secret option is required.
if options['secret'].blank?
- raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :secret => "some secret phrase" } in config/environment.rb'
+ raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
end
# Keep the session and its secret on hand so we can read and write cookies.
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 6d98821cfd..88425b9f02 100755
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -37,6 +37,12 @@ class CookieStoreTest < Test::Unit::TestCase
ENV.delete('HTTP_COOKIE')
end
+ def test_raises_argument_error_if_missing_session_key
+ [nil, ''].each do |blank|
+ assert_raise(ArgumentError, blank.inspect) { new_session 'session_key' => blank }
+ end
+ end
+
def test_raises_argument_error_if_missing_secret
[nil, ''].each do |blank|
assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank }
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 17:38:05 +0000