No secret option provided to Rack::Session::Cookie warning?

ruby-on-rails ruby-on-rails-3.2
bigdaveyl picture bigdaveyl · Apr 29, 2012 · Viewed 25.2k times · Source

I am running Rails 3.2.3, Ruby 1.9 under Fedora 17. I get this warning, when I run rails s, and how do I fix?

SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies.

Answer

Austin Lin picture Austin Lin · Jan 8, 2013

This is a Rails bug, as the subclass is violating the superclass API contract.

The warning can be safely ignored by Rails users.

(https://github.com/rack/rack/issues/485#issuecomment-11956708, emphasis added)

Confirmation on the rails bug discussion: https://github.com/rails/rails/issues/7372#issuecomment-11981397

Related questions

Rendering JSON in controller

I was reading a book and in a chapter about Controllers when it talks about rendering stuff, for JSON it has an example like this but doesn't go in to details so I couldn't figure out the bigger picture that …

Read More
rails generate model

I'm trying to follow instructions from the book "Head First Rails" and on page 50 it says to create a model but I am unable to create a model using the rails command. When I type this at this prompt: localhost:~ …

Read More
Server is already running in Rails

When I am starting rails server using rails s command it is showing A server is already running. Check C:/Sites/folder/Pids/Server.pids When I open the file it is outputting a 4 digit number only so how could …

Read More