Rails 3 Session Secret and Session Store
Wed Apr 07 20:30:00 -0700 2010
In Rails 3 the location and way you declare the session secret and session store have changed.
Rails 3 Session Secret and Session Store
In Rails 3 the location and way you declare the session secret and session store have changed.
Previously (in 2.3.x) you would have one file:
config/initializers/session_store.rb
ActionController::Base.session = {
:key => ‘_my_app_name_session’,
:secret => ‘somereallylongrandomkey’
}
In Rails 3, you reduce session_store.rb to the following:
Rails.application.config.session_store :cookie_store, :key => "_my_app_name_session"
And then, because we now need somewhere to store the secret, you create a new file called config/initializers/cookie_verification_secret.rb and put inside of it:
Rails.application.config.cookie_secret = 'somereallylongrandomkey'
If instead of using cookies, you were using active record as the store, then you obviously wouldn’t need the cookie_verification_secret.rb file and instead would insert any other config you needed into its own file inside of initializers.
This gives us the added bonus of being able to exclude cookie secrets from source control systems.
blogLater
Mikel
Leave a Reply
Latest posts
- Encrypting Another Partition Using FileVault 2 on OSX Lion
- Installing Home Folder on Second Drive on OSX Lion
- undefined local variable or method `version_requirements'
- A New World of Resources
- Rails Static Pages
- Twitter Replacing Rails? So?
- Engine Yard Cloud Backups Generating Zero Length Backups
- Our Rails Rumble Entry - StillAlive.com
- Renaming a controller and redirection in Rails 3
- Updating RailsPlugins.org to Rails 3 - Part 1
- A new protocol for social interaction
- What is a distributed social network?
- Bundler and Public Git Sources
- Getting Heroku, memcached and Rails 3 working
- Why Bundler?
- Rails Commit Access
- Introducing TellThemWhen
- rake RSpec & Cucumber uninitialized constant Rails::Boot::Bundler
- This Relationship is Worth Nothing
- Thank YOU...
- Inline Attachments for ActionMailer
- Upgrading RailsPlugins.org to Rails 3 - Part 1
- Stripping dollar signs and commas from a string
- Getting Rails 3 Edge with jQuery, RSpec and Cucumber using RVM
- Action Mailer, go Proc thyself
- The Real News Donation Drive
- ActionMailer ScreenCast and Article
- Installing RSpec for Rails 3
- I am speaking at RailsConf 2010
- If you're lazy and you know it write your specs!
- Bundler - uninitialized constant ActionController
- Bundle Me Some Sanity
- How to use Mail / ActionMailer 3 with GMail SMTP
- Put your mailer where the action is!
- Why Force a Choice?
- How to make an RSS feed in Rails
- Rails 3 Routing with Rack
- Bundle me some Rails
- Helping out in Haiti
- Watch your self
- Is Rails 3.0 a Game Changer?
- Where did the scripts go?
- validates :rails_3, :awesome => true
- New Rails Version 3.0 Guides Online
- New ActionMailer API in Rails 3.0
- Mail gem version 2 released
- How to rename a Rails 3 Application
- Rails 3.0 Examples
- DECCA Driving Day
Latest comments
- Quantspring.com
This is a really great post I f...
- Maxine
Maybe it has a connection with ...
- Axel W
Had the same problem lots of ti...
- cloud computing anbieter
I was there and I see you confe...
- cloud computing anbieter
I was there and I see you confe...
Categories
Tag Cloud
AJAX ARGH! ActiveRecord Ajax Apache Apple Asterisk Australia Copy Database Development Feedburner Gem server Google Human Rights Javascript L. Ron Hubbard MS SQL Server MacOSX Mail Mephisto Not Programming OpenBSD Opensource Performance Personal Integrity PostgreSQL Programming Prototype Puzzle RDoc REST RESTful Rails RSPec RSpec Rails Rails Tips Rspec Ruby Ruby on Rails Ruby on Rails Tips Ruby on rails Tips SQL SQLServer SVN Scientologist Scientology Site Stats Soekris Soekris net5501 TMail Textmate Tips Windows World about mikel anti drug apache contributing daemon documentation drugs illustrator javascript lambda mail mephisto newspapers nitro open source opensource photoshop productivity programming railscasts rspec ruby ruby on rails rubyforge scientology seo sitemap sqlserver tips tmail tom cruise unix tricks vector graphicsArchives
- November 2009 (1)
- October 2009 (2)
- September 2009 (2)
- August 2009 (0)
- July 2009 (1)
- June 2009 (0)
- May 2009 (1)
- April 2009 (0)
- March 2009 (0)
- February 2009 (0)
- January 2009 (2)
- December 2008 (0)
- November 2008 (5)
- October 2008 (0)
- September 2008 (1)
- August 2008 (0)
- July 2008 (2)
- June 2008 (13)
- May 2008 (7)
- April 2008 (18)
- March 2008 (8)
- February 2008 (5)
- January 2008 (7)
- December 2007 (20)
- November 2007 (22)
Tue Nov 08 19:42:40 -0800 2011
I like your website very much , i t is very excellent ! Thank you for your sharing !
Mon Aug 08 02:13:21 -0700 2011
I like your website very much , i t is very excellent ! Thank you for your sharing !
Fri Oct 07 00:24:56 -0700 2011
I do not like cookies, I prefer using active record as the store :)
Sun Feb 05 20:29:10 -0800 2012
On a related note. It seems the RSpec bundle for TextMate needs how much does an abortion cost updating. The bundle’s spec file generator (shift+control+down_arrow)
is inserting the spec stub code into the source file instead of the generated spec file.
Fri Feb 17 03:15:26 -0800 2012
finally I understand where was the issue on my application. Thank you for the update!
Tue Mar 06 07:06:54 -0800 2012
I suggest this site to my friends so it could be useful & informative for them also. Thanks!
Thu Mar 22 14:23:13 -0700 2012
I like that this gives us the added bonus of being able to exclude cookie secrets from source control systems. It really makes everything much more simple. Thank you for the heads up.
Fri Mar 23 23:50:49 -0700 2012
I really like the fresh perceptive you did on the issue. Really was not expecting that when I started off studying.Security in Slough | Security in St Albans | Security Companies London | Security in Crawley | Security in St Davids | Car breakers in Birmingham
Sun Apr 01 09:50:00 -0700 2012
I didn’t use cookies as well, because it’s making my system slow down considerably, but I am thinking to enable it back, maybe it help the overall progress.