SECURITY WARNING error: no secret parameter for Rack :: Session :: Cookie

Question

SECURITY WARNING error: no secret parameter for Rack :: Session :: Cookie

Possible duplicate:
No secret parameter for Rack :: Session :: Cookie Warning?

When creating forests, I got this error today:

SECURITY CAUTION: No secret parameter for Rack :: Session :: Cookie. This poses a security risk. It is highly recommended that you provide a secret to prevent exploits that may be possible from processed cookies. This will not be supported in future versions of Rack, and future versions will even invalidate the user's existing cookies.

But the key is set in config/initializers/secret_token.rb .

Should I do something or is it just a standard warning that I can safely ignore, since I already have a key?

+67

ruby-on-rails

iCyborg Jan 07 '13 at 6:35

source share

2 answers

Jonas Schubert Erlandsson · Answer 1 · 2013-01-08 09:09

This is a discussed issue . This is due to upgrading to Rack 1.4.2 and your choice. Until Rails is updated with the solution, you should ignore the error or downgrade to Rack 1.4.1, according to people who know;)

Vinay · Answer 2 · 2013-01-08 11:59

According to discussions on some other sites, this warning appears because Rails uses Rack cookies differently than intended. Perhaps you should simply ignore this warning until a final agreement is reached on how to deal with this problem and install a fix.

SECURITY WARNING error: no secret parameter for Rack :: Session :: Cookie

More articles: