aboutsummaryrefslogtreecommitdiffstats
path: root/railties/test/application/middleware/session_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Removed magic comments # encoding: utf-8 , since its default from ruby 2.0 ↵Vipul A M2015-02-031-1/+0
| | | | onwards.
* `secret_token` is now saved in `Rails.application.secrets.secret_token`Benjamin Fleischer2014-11-021-4/+4
| | | | | | | | | | | | | | | | | | | | | | - `secrets.secret_token` is now used in all places `config.secret_token` was - `secrets.secret_token`, when not present in `config/secrets.yml`, now falls back to the value of `config.secret_token` - when `secrets.secret_token` is set, it over-writes `config.secret_token` so they are the same (for backwards-compatibility) - Update docs to reference app.secrets in all places - Remove references to `config.secret_token`, `config.secret_key_base` - Warn that missing secret_key_base is deprecated - Add tests for secret_token, key_generator, and message_verifier - the legacy key generator is used with the message verifier when secrets.secret_key_base is blank and secret_token is set - app.key_generator raises when neither secrets.secret_key_base nor secret_token are set - app.env_config raises when neither secrets.secret_key_base nor secret_token are set - Add changelog Run focused tests via ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
* Replace config.secret_key_base with secrets.secret_key_base in testGuillermo Iguaran2013-12-121-1/+1
|
* Removing use of subclassed application constant and instead using thewangjohn2013-06-031-6/+6
| | | | | more agnostic Rails.application syntax. This means tests will be more portable, and won't rely on the existence of a particular subclass.
* Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵Trevor Turk2013-03-281-8/+60
| | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config
* Add UpgradeSignatureToEncryptionCookieStoreSantiago Pastorino2012-11-161-0/+110
| | | | | | This allows easy upgrading from the old signed Cookie Store <= 3.2 or the deprecated one in 4.0 (the ones that doesn't use key derivation) to the new one that signs using key derivation
* Remove duplicated get /foo/write_sessionSantiago Pastorino2012-11-161-1/+0
|
* Remove unused config optionSantiago Pastorino2012-11-161-1/+0
|
* Add encrypted cookie storeSantiago Pastorino2012-11-031-0/+51
|
* Use Ruby 1.9 Hash syntax in railtiesRobin Dupret2012-10-141-1/+1
|
* Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-0/+82
| | | | | | | | It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946. The :null_session CSRF protection method provide an empty session during request processing but doesn't reset it completely (as :reset_session does).
* Failing test for #6034Piotr Sarnacki2012-04-301-0/+20
|
* config.force_ssl should mark the session as secure.José Valim2012-01-131-0/+30