From c06aff0a7e42868e9788d6cefe5ce49e93cbf45b Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sun, 20 Dec 2009 14:33:13 -0800
Subject: Added cookies.permanent, cookies.signed, and cookies.permanent.signed
 accessor for common cookie actions [DHH]

---
 railties/CHANGELOG                                     | 18 ++++++++++++++++++
 .../initializers/cookie_verification_secret.rb.tt      |  7 +++++++
 2 files changed, 25 insertions(+)
 create mode 100644 railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt

(limited to 'railties')

diff --git a/railties/CHANGELOG b/railties/CHANGELOG
index 66e0d5e9c5..9ef2922133 100644
--- a/railties/CHANGELOG
+++ b/railties/CHANGELOG
@@ -1,5 +1,23 @@
 *Edge*
 
+* Added cookies.permanent, cookies.signed, and cookies.permanent.signed accessor for common cookie actions [DHH]. Examples:
+
+    cookies.permanent[:prefers_open_id] = true
+    # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+
+    cookies.signed[:discount] = 45
+    # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
+
+    cookies.signed[:discount]
+    # => 45 (if the cookie was changed, you'll get a InvalidSignature exception)
+
+    cookies.permanent.signed[:remember_me] = current_user.id
+    # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+    
+  ...to use the signed cookies, you need to set a secret to ActionController::Base.cookie_verifier_secret (automatically done in config/initializers/cookie_verification_secret.rb for new Rails applications).
+
+* Added config/initializers/cookie_verification_secret.rb with an auto-generated secret for using ActionController::Base#cookies.signed [DHH]
+
 * Fixed that the debugger wouldn't go into IRB mode because of left-over ARGVs [DHH]
 
 * I18n support for plugins.  #2325 [Antonio Tapiador, Sven Fuchs]
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
new file mode 100644
index 0000000000..9808ea6a2d
--- /dev/null
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.cookie_verification_secret = '<%= app_secret %>';
-- 
cgit v1.2.3