
No secret option provided to Rack::Session::Cookie warning?

I am running Rails 3.2.3, Ruby 1.9 under Fedora 17. I get this warning when I run rails s. How do I fix it?

SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies.

bigdaveyl asked Apr 29 '12 18:04


2 Answers

This is a Rails bug, as the subclass is violating the superclass API contract.

The warning can be safely ignored by Rails users.

(https://github.com/rack/rack/issues/485#issuecomment-11956708, emphasis added)

Confirmation on the rails bug discussion: https://github.com/rails/rails/issues/7372#issuecomment-11981397

Austin Lin answered Nov 15 '22 18:11


Reading the discussion based on tehgeekmeister's answer, this warning is popping up as Rails is using Rack cookies in a different way than intended. It should be OK to just ignore this warning for now until there is a final agreement on how to handle this issue and a fix in place.

iltempo answered Nov 15 '22 18:11
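
What the secret named in the warning protects, as an added example (not code from the question, the answers, Rack or Rails): a cookie carrying an HMAC over its data is rejected once the data is edited on the client, while an unsigned cookie is accepted as sent. The `SignedCookie` module, its `data--digest` layout, the JSON serialization and all sample values are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper for illustration; the "data--digest" layout is an assumption.
module SignedCookie
  DIGEST = 'SHA256'

  # With no secret the cookie is just encoded data: nothing ties it to the server.
  def self.encode(session, secret = nil)
    data = [JSON.generate(session)].pack('m0') # strict Base64, no newlines
    return data if secret.nil?
    "#{data}--#{OpenSSL::HMAC.hexdigest(DIGEST, secret, data)}"
  end

  # Returns the session hash, or nil when the cookie is malformed or fails the check.
  def self.decode(cookie, secret = nil)
    data, digest = cookie.to_s.split('--', 2)
    return nil if data.nil? || data.empty?
    if secret
      return nil if digest.nil?
      expected = OpenSSL::HMAC.hexdigest(DIGEST, secret, data)
      return nil unless secure_compare(expected, digest)
    end
    JSON.parse(data.unpack1('m0'))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Constant-time comparison so the check does not leak how many characters matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample values.
SECRET = 'constructed-demo-secret'
SIGNED = SignedCookie.encode({ 'user_id' => 42, 'admin' => false }, SECRET)
EDITED = SignedCookie.encode({ 'user_id' => 42, 'admin' => true }) # data changed client-side
REPLAY = "#{EDITED}--#{SIGNED.split('--', 2).last}"                # edited data, old digest

p SignedCookie.decode(SIGNED, SECRET) # original session
p SignedCookie.decode(REPLAY, SECRET) # rejected: digest no longer matches the data
p SignedCookie.decode(EDITED)         # no secret configured: edited data is accepted
```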