Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Removing use of subclassed application constant and instead using the | wangjohn | 2013-06-03 | 1 | -6/+6 |
| | | | | | more agnostic Rails.application syntax. This means tests will be more portable, and won't rely on the existence of a particular subclass. | ||||
* | Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵ | Trevor Turk | 2013-03-28 | 1 | -8/+60 |
| | | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config | ||||
* | Add UpgradeSignatureToEncryptionCookieStore | Santiago Pastorino | 2012-11-16 | 1 | -0/+110 |
| | | | | | | This allows easy upgrading from the old signed Cookie Store <= 3.2 or the deprecated one in 4.0 (the ones that doesn't use key derivation) to the new one that signs using key derivation | ||||
* | Remove duplicated get /foo/write_session | Santiago Pastorino | 2012-11-16 | 1 | -1/+0 |
| | |||||
* | Remove unused config option | Santiago Pastorino | 2012-11-16 | 1 | -1/+0 |
| | |||||
* | Add encrypted cookie store | Santiago Pastorino | 2012-11-03 | 1 | -0/+51 |
| | |||||
* | Use Ruby 1.9 Hash syntax in railties | Robin Dupret | 2012-10-14 | 1 | -1/+1 |
| | |||||
* | Implement :null_session CSRF protection method | Sergey Nartimov | 2012-09-13 | 1 | -0/+82 |
| | | | | | | | | It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946. The :null_session CSRF protection method provide an empty session during request processing but doesn't reset it completely (as :reset_session does). | ||||
* | Failing test for #6034 | Piotr Sarnacki | 2012-04-30 | 1 | -0/+20 |
| | |||||
* | config.force_ssl should mark the session as secure. | José Valim | 2012-01-13 | 1 | -0/+30 |