Rails secret token

I'm quite confused about what secret_token is used for in Rails. Can anyone explain what it is used for? Is it OK to put this token in a public source repository and use it in production, or should I change it before deploying my app to prevent some kinds of attacks?

Marek Sapota asked Nov 22 '10 01:11


1 Answer

Answering my own question: secret_token is used to prevent cookie tampering in Rails. Every cookie has a checksum saved with it, so users can't modify cookie contents (and change the saved user id to steal someone's account, for example). The checksum is based on the cookie contents and secret_token, so if you are using cookie-based sessions you should always make sure your secret_token is really secret; otherwise you can't trust that anything you put into the session came back unchanged.

Marek Sapota answered Nov 20 '22 16:11
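To make the checksum idea concrete, here is an added example (not Rails' own code, and not from the answer above): a small signer that appends an HMAC computed with the secret token to a serialized session, and a verifier that rejects any cookie whose payload no longer matches its checksum. The class, method names and the demo secret are this example's own; the `--` separator and HMAC construction only mirror the general scheme the answer describes.

```ruby
require "openssl"
require "base64"
require "json"

# Hypothetical signed-cookie helper modelled on the scheme described above:
# the cookie carries its payload plus an HMAC over that payload keyed with
# the app's secret token. Not Rails' real classes.
class SignedCookie
  def initialize(secret)
    raise ArgumentError, "secret must be set" if secret.nil? || secret.empty?
    @secret = secret
  end

  # Serialize the session hash, base64 it, append the checksum.
  def generate(session)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{digest(data)}"
  end

  # Return the session hash if the checksum matches, nil if tampered/invalid.
  def verify(cookie)
    data, sig = cookie.to_s.split("--", 2)
    return nil if data.nil? || sig.nil?
    return nil unless secure_compare(digest(data), sig)
    JSON.parse(Base64.strict_decode64(data))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, data)
  end

  # Constant-time comparison so timing does not reveal where a mismatch is.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed demo: a legitimate cookie verifies; the same cookie with the
# user id swapped but the old checksum kept is rejected.
def tamper_demo
  signer = SignedCookie.new("example-secret-token-not-for-production")
  cookie = signer.generate({ "user_id" => 42 })
  _data, sig = cookie.split("--", 2)
  forged = "#{Base64.strict_encode64(JSON.generate({ "user_id" => 1 }))}--#{sig}"
  { legit: signer.verify(cookie), forged: signer.verify(forged) }
end
```

The same verify step also fails when the secret differs, which is why a token checked into a public repository gives no protection: anyone holding it can mint a valid checksum for any payload.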