From 45dd256889cddd1a1746d122344a966873e03921 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper
Date: Wed, 21 Feb 2007 23:13:32 +0000
Subject: Missed commit for [6184]. Generate a random secret for new app's cookie session store.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6197 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 railties/CHANGELOG | 2 ++
 railties/helpers/application.rb | 7 +++++--
 railties/lib/rails_generator/generators/applications/app/USAGE | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'railties')
diff --git a/railties/CHANGELOG b/railties/CHANGELOG
index 4b215a089f..e79da5693a 100644
--- a/railties/CHANGELOG
+++ b/railties/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* For new apps, generate a random secret for the cookie-based session store. [Jeremy Kemper]
+
 * Stop swallowing errors during rake test [Koz]
 * Update Rails Initializer to use ActionController::Base#view_paths [Rick]
diff --git a/railties/helpers/application.rb b/railties/helpers/application.rb
index 3bef7f583e..c901717712 100644
--- a/railties/helpers/application.rb
+++ b/railties/helpers/application.rb
@@ -2,6 +2,9 @@
 # Likewise, all the methods added will be available for all controllers.
 class ApplicationController < ActionController::Base
- # Pick a unique cookie name to distinguish our session data from others'
- session :session_key => '_<%= app_name %>_session_id'
+ # Pick a unique cookie name to distinguish our session from others.
+ # Session data is stored in a cookie by default, so the data is hashed
+ # with a secret to ensure its integrity.
+ session :session_key => '_<%= app_name %>_session',
+ :secret => '<%= CGI::Session.generate_unique_id(app_name) %>'
 end
diff --git a/railties/lib/rails_generator/generators/applications/app/USAGE b/railties/lib/rails_generator/generators/applications/app/USAGE
index 3bb55113fa..cded9c3061 100644
--- a/railties/lib/rails_generator/generators/applications/app/USAGE
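Review bot: The `:secret` added to `session` in railties/helpers/application.rb comes from `CGI::Session.generate_unique_id(app_name)`, a helper for session ids whose implementation is not shown in this patch; if it mixes time, pid and `rand` rather than reading an OS-backed CSPRNG, the signing key is more guessable than it looks, and anyone who recovers it can forge session cookies for that app. I would generate the key from a cryptographically secure source and make it longer, e.g. `:secret => '<%= SecureRandom.hex(64) %>'` on Rubies that ship `securerandom`. The new comment should also tell the app owner what the hash does not give them, for example `# The cookie is signed, not encrypted: keep confidential data out of the session.` and `# Keep this secret out of public repositories; changing it invalidates existing sessions.` The hunk starts at line 2 of the file, so the class is shown whole but the file's first line is not.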
+++ b/railties/lib/rails_generator/generators/applications/app/USAGE @@ -13,4 +13,4 @@ WARNING: Your application will expect to find activerecord, actionpack, and actionmailer directories in the vendor directory. A popular way to track the bleeding edge of Rails development is to checkout from source control - directly to the vendor directory. See http://dev.rubyonrails.com + directly to the vendor directory. See http://dev.rubyonrails.org/ -- cgit v1.2.3