[Rails] Re: SECURITY WARNING: No secret option provided to Rack::Session::Cookie.

Ruby on Rails Tuesday, February 5, 2013



On Tuesday, February 5, 2013 6:19:22 AM UTC, Ruby-Forum.com User wrote:

I am getting following warning while generating model, how to get rid of
this warning and what is cause for this warning. I am using rails 3.2.8

   SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
   This poses a security threat. It is strongly recommended that you
   provide a secret to prevent exploits that may be possible from
crafted
   cookies. This will not be supported in future versions of Rack, and
   future versions will even invalidate your existing user cookies.


Normally you'd have 

YourApplication::Application.config.secret_token = 'long random string'

in an initializer, which rails should then pass through to rack. You can use rake secret to generate such a token.

Fred

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/MFS7MbQeiUUJ.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Posted by Ruby on Rails at 1:44 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)