SECURITY WARNING: No secret option provided to Rack::Session::Cookie.

350 views
Skip to first unread message

Praveen BK

unread,
Feb 5, 2013, 1:19:22 AM2/5/13
to rubyonra...@googlegroups.com
I am getting following warning while generating model, how to get rid of
this warning and what is cause for this warning. I am using rails 3.2.8

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from
crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.

Thank you.

--
Posted via http://www.ruby-forum.com/.

Frederick Cheung

unread,
Feb 5, 2013, 4:44:09 AM2/5/13
to rubyonra...@googlegroups.com


On Tuesday, February 5, 2013 6:19:22 AM UTC, Ruby-Forum.com User wrote:
I am getting following warning while generating model, how to get rid of
this warning and what is cause for this warning. I am using rails 3.2.8

   SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
   This poses a security threat. It is strongly recommended that you
   provide a secret to prevent exploits that may be possible from
crafted
   cookies. This will not be supported in future versions of Rack, and
   future versions will even invalidate your existing user cookies.


Normally you'd have 

YourApplication::Application.config.secret_token = 'long random string'

in an initializer, which rails should then pass through to rack. You can use rake secret to generate such a token.

Fred

Robert Walker

unread,
Feb 6, 2013, 6:53:34 PM2/6/13
to rubyonra...@googlegroups.com
Frederick Cheung wrote in post #1095286:
I just read about this yesterday. It's an issue with the very latest
update to the rack gem, as I understand it. The issue was patched in the
Rails master and should make it's way into the next point release of
Rails. According to the bug discussion this warning can be safely
ignore, so just wait for the next Rails release and the warning should
go away.

BalaRaju Vankala

unread,
Feb 7, 2013, 7:51:40 AM2/7/13
to rubyonra...@googlegroups.com
I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert Walker




--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.



--
----------------------------------------------------------------------------------------------------
Thank You.

Best Wishes,
 
BalaRaju Vankala,
8886565300.


Jordon Bedwell

unread,
Feb 7, 2013, 7:53:58 AM2/7/13
to rubyonra...@googlegroups.com
On Thu, Feb 7, 2013 at 6:51 AM, BalaRaju Vankala
<foreve...@gmail.com> wrote:
> I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert Walker

Rake is not Rack.

BalaRaju Vankala

unread,
Feb 7, 2013, 8:02:17 AM2/7/13
to rubyonra...@googlegroups.com
Thank you Jordon


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Reply all
Reply to author
Forward
0 new messages