This patch (or one like it) also has the side benefit of being able to simplify the generated code for ActionController. The :secret could be uncommented by default, and the comment on the line above could be removed.
On Wed, Sep 3, 2008 at 12:29 AM, Tim Haines <[EMAIL PROTECTED]> wrote: > I decided to have a go at this tonight. Patch attached at > http://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/957 > > I'm happy to hear any feedback on the patch - as it might have a broader > impact than I'm aware of with my limited experience hacking on rails source. > > Cheers, > > Tim. > > On Tue, Sep 2, 2008 at 7:11 PM, Michael Koziarski <[EMAIL PROTECTED]>wrote: > >> >> > I'm wondering if the secret param should ever be used when using the >> cookie >> > session store? If not, should rails raise an error when configured with >> the >> > cookie store and secret param? >> >> Ideally yes, rails would raise an error when misconfigured like this. >> I believe at present the presence or absence of the :secret key is >> something which determines which approach to use, so it might require >> a little bit of refactoring first. >> >> >> >> -- >> Cheers >> >> Koz >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
