Rails application generator from current master creates two scripts in "config/initializers/": "cookie_verifier_secret.rb" and "session_store.rb".

The former is something like:

    ActionController::Base.cookie_verifier_secret = 'xyz...'

... while the latter is:

    ActionController::Base.session = { :key => '_foobar_session', :secret => 'abcdefgh...' }

How do these two secret keys relate, and why are they generated different?

On Dec 29 2009, 7:48 am, Mislav Marohnić <mislav.maroh...@gmail.com> wrote:
> Rails application generator from current master creates two scripts in
> "config/initializers/": "cookie_verifier_secret.rb" and "session_store.rb".
> How do these two secret keys relate, and why are they generated different?

I'm also wondering about this. Is there a reason that we can't just generate one secret for use throughout an app in any case where we need a secret key?

- Trevor

Cookie verifier secret is just for the new cookies.signed option - http://github.com/rails/rails/commit/0200e20f148c96afceeebc4da7b5985643f9f707. It has nothing to do with the session secret.

On Sun, Jan 3, 2010 at 11:05 PM, Trevor Turk <trevorturk@gmail.com> wrote:
> On Dec 29 2009, 7:48 am, Mislav Marohnić <mislav.maroh...@gmail.com>
> wrote:
>> Rails application generator from current master creates two scripts in
>> "config/initializers/": "cookie_verifier_secret.rb" and "session_store.rb".
>> How do these two secret keys relate, and why are they generated different?
>
> I'm also wondering about this. Is there a reason that we can't just
> generate one secret for use throughout an app in any case where we
> need a secret key?
>
> - Trevor

--
Cheers!
- Pratik
http://m.onkey.org | http://twitter.com/lifo
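
The following is an added illustration, not code from this thread or from Rails: a minimal HMAC-signed value of the kind a signed cookie relies on, showing that a value signed with one secret does not verify under a second, independent secret. The `sign`, `verify` and `secure_equal?` helpers, the `payload--digest` layout, the choice of SHA-256 and both secret values are assumptions made for the example.

```ruby
require 'openssl'

# Constructed secrets for illustration; a real app uses long random values.
COOKIE_VERIFIER_SECRET = 'constructed-cookie-verifier-secret'
SESSION_SECRET         = 'constructed-session-secret'

# Hypothetical helper: returns "<base64 payload>--<HMAC-SHA256 hex digest>".
def sign(value, secret)
  data = [value].pack('m0') # strict base64, no newlines
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  "#{data}--#{digest}"
end

# Compares two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: returns the original value, or nil when the token is
# malformed or its digest was not produced with the given secret.
def verify(token, secret)
  data, digest = token.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
  return nil unless secure_equal?(digest, expected)
  data.unpack1('m0')
rescue ArgumentError # payload was not valid base64
  nil
end

token = sign('user_id=42', COOKIE_VERIFIER_SECRET)
# Same payload with a swapped value but the old digest: must be rejected.
tampered = "#{['user_id=1'].pack('m0')}--#{token.split('--', 2)[1]}"

puts "verified with cookie secret:  #{verify(token, COOKIE_VERIFIER_SECRET).inspect}"
puts "verified with session secret: #{verify(token, SESSION_SECRET).inspect}"
puts "tampered payload:             #{verify(tampered, COOKIE_VERIFIER_SECRET).inspect}"
```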