From cb3181e81e3a0e9d03450c7065fcc226e2e1731c Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Tue, 8 Jan 2013 00:25:24 -0200 Subject: Avoid Rack security warning no secret provided This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie." --- actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actionpack/lib/action_dispatch') diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index 7c12590c49..6fb16bdfe9 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -21,6 +21,8 @@ module ActionDispatch module Compatibility def initialize(app, options = {}) options[:key] ||= '_session_id' + # FIXME Rack's secret is not being used + options[:secret] ||= SecureRandom.hex(30) super end -- cgit v1.2.3