Changeset 8200
- Timestamp:
- 11/24/07 22:41:16 (1 year ago)
- Files:
trunk/actionpack/lib/action_controller/session/cookie_store.rb
r8184 r8200 26 26 # secret is not vulnerable to a dictionary attack. Therefore, 27 27 # you should choose a secret consisting of random numbers and 28 # letters and preferablymore than 30 characters.28 # letters and more than 30 characters. 29 29 # 30 30 # Example: :secret => '449fe2e7daee471bffae2fd8dc02313d' … … 39 39 # Cookies can typically store 4096 bytes. 40 40 MAX = 4096 41 SECRET_MIN_LENGTH = 30 # characters 41 42 42 43 # Raised when storing more than 4K of session data. … … 85 86 86 87 if secret.blank? 87 raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'88 raise ArgumentError, %Q{A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase of at least #{SECRET_MIN_LENGTH} characters" } in config/environment.rb} 88 89 end 89 90 90 if secret.length < 3091 raise ArgumentError, "Secret should be something secure, like #{CGI::Session.generate_unique_id}. The value you provided: [#{secret}]"91 if secret.length < SECRET_MIN_LENGTH 92 raise ArgumentError, %Q{Secret should be something secure, like "#{CGI::Session.generate_unique_id}". The value you provided, "#{secret}", is shorter than the minimum length of #{SECRET_MIN_LENGTH} characters} 92 93 end 93 94 end
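Review bot: The short-secret error at new lines 91-92 still interpolates the rejected value (`"#{secret}"`) into the ArgumentError message, so a real but too-short secret is copied into boot logs, exception reports and any error page that renders the exception. Report only the length instead, for example `raise ArgumentError, %Q{Secret should be something secure, like "#{CGI::Session.generate_unique_id}". The value you provided is #{secret.length} characters long; the minimum is #{SECRET_MIN_LENGTH}}`. Separately, the sample in the blank-secret message at new line 88 expands to a phrase longer than SECRET_MIN_LENGTH, so pasting it verbatim passes this check while being exactly the guessable kind of secret the header comment warns about. A neutral placeholder such as `:secret => "<long random string>"` would avoid that. The enclosing method starts outside the visible hunk, so whether the message is logged or rescued further up cannot be confirmed from here.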