Rails application generator from current master creates two scripts in
"config/initializers/": "cookie_verifier_secret.rb" and
"session_store.rb".
The former is something like:
ActionController::Base.cookie_verifier_secret = ''xyz...''
... while the latter is:
ActionController::Base.session = {
:key => ''_foobar_session'',
:secret => ''abcdefgh...''
}
How do these two secret keys relate, and why are they generated different?
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.
On Dec 29 2009, 7:48 am, Mislav Marohnić <mislav.maroh...@gmail.com> wrote:> Rails application generator from current master creates two scripts in > "config/initializers/": "cookie_verifier_secret.rb" and "session_store.rb". > How do these two secret keys relate, and why are they generated different?I''m also wondering about this. Is there a reason that we can''t just generate one secret for use throughout an app in any case where we need a secret key? - Trevor -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
Cookie verifier secret is just for the new cookies.signed option - http://github.com/rails/rails/commit/0200e20f148c96afceeebc4da7b5985643f9f707. It has nothing to do with the session secret. On Sun, Jan 3, 2010 at 11:05 PM, Trevor Turk <trevorturk@gmail.com> wrote:> On Dec 29 2009, 7:48 am, Mislav Marohnić <mislav.maroh...@gmail.com> > wrote: >> Rails application generator from current master creates two scripts in >> "config/initializers/": "cookie_verifier_secret.rb" and "session_store.rb". >> How do these two secret keys relate, and why are they generated different? > > I''m also wondering about this. Is there a reason that we can''t just > generate one secret for use throughout an app in any case where we > need a secret key? > > - Trevor > > -- > > You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. > To post to this group, send email to rubyonrails-core@googlegroups.com. > To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en. > > >-- Cheers! - Pratik http://m.onkey.org | http://twitter.com/lifo -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.