Solving “SECURITY WARNING: No secret option provided to Rack::Session::Cookie” in Rails

Find abstract_store.rb in your Ruby library (on my Windows machine: C:\RailsInstaller\Ruby1.9.3\lib\ruby\gems\1.9.1\gems\actionpack-3.2.1\lib\action_dispatch\middleware\session\abstract_store.rb):

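Change the Compatibility module so that its initialize method looks like this:
module Compatibility
  def initialize(app, options = {})
    options[:key] ||= '_session_id'
    # Add this line: fall back to the application's secret_key_base
    options[:secret] ||= Rails.application.config.secret_key_base
    super
  end
  # ... rest of the module stays unchanged ...
end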

Then open a terminal/command prompt in your Rails application folder and run:
rake secret

It will generate a string like this:
3f782f433fa2188a4190d421f1131…….

Open config\initializers\secret_token.rb and add this line after config.secret_token:
YourAppName::Application.config.secret_key_base = 'generated key from rake secret'
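
What the secret is for, as an added example (not from the original post and not Rack's own code): a simplified Ruby sketch of a session cookie in a `data--digest` layout, signed with HMAC-SHA256, showing that an edited or differently keyed cookie is rejected. The function names, JSON serialization and sample session are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Constructed demo secret; in the app this is the value from `rake secret`.
DEMO_SECRET = SecureRandom.hex(64)

def hmac(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, data)
end

# Serialize the session and append a keyed digest of the serialized data.
def sign_session(session, secret)
  data = [JSON.generate(session)].pack('m0') # strict Base64
  "#{data}--#{hmac(data, secret)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the session hash only if the digest matches; otherwise nil.
def verify_session(cookie, secret)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(hmac(data, secret), digest)
  JSON.parse(data.unpack('m0').first)
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed test input: new payload paired with the digest of the old one.
def tamper(cookie, new_session)
  _, digest = cookie.split('--', 2)
  "#{[JSON.generate(new_session)].pack('m0')}--#{digest}"
end

if __FILE__ == $0
  cookie = sign_session({ 'user_id' => 42 }, DEMO_SECRET)
  p verify_session(cookie, DEMO_SECRET)
  p verify_session(tamper(cookie, { 'user_id' => 1 }), DEMO_SECRET)
  p verify_session(cookie, 'a-different-secret')
end
```

Without a secret there is no digest to check, so the server has no way to tell an edited session cookie from one it issued, which is what the warning is about.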

Source:
Merge pull request #8584 from garysweaver/security_guide_update · 59ea907 · rails/rails

Blog :: Envy Labs, Rails 4 Security for Session Cookies
Encrypted cookies by spastorino · Pull Request #8112 · rails/rails
