SECURITY WARNING: No secret option provided to Rack::Session::Cookie

praveen_b · February 5, 2013, 7:19am

I am getting following warning while generating model, how to get rid of
this warning and what is cause for this warning. I am using rails 3.2.8

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from
crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.

Thank you.

praveen_b · February 5, 2013, 10:45am

On Tuesday, February 5, 2013 6:19:22 AM UTC, Ruby-Forum.com User wrote:

Normally you’d have

YourApplication::Application.config.secret_token = ‘long random string’

in an initializer, which rails should then pass through to rack. You can
use rake secret to generate such a token.

Fred

praveen_b · February 7, 2013, 12:53am

Frederick C. wrote in post #1095286:

On Tuesday, February 5, 2013 6:19:22 AM UTC, Ruby-Forum.com User wrote:

Normally you’d have

YourApplication::Application.config.secret_token = ‘long random string’

in an initializer, which rails should then pass through to rack. You can
use rake secret to generate such a token.

I just read about this yesterday. It’s an issue with the very latest
update to the rack gem, as I understand it. The issue was patched in the
Rails master and should make it’s way into the next point release of
Rails. According to the bug discussion this warning can be safely
ignore, so just wait for the next Rails release and the warning should
go away.

praveen_b · February 7, 2013, 1:52pm

I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert
Walker

On Thu, Feb 7, 2013 at 5:23 AM, Robert W. [email protected]
wrote:

–
You received this message because you are subscribed to the Google G.
“Ruby on Rails: Talk” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

–

praveen_b · February 7, 2013, 1:55pm

On Thu, Feb 7, 2013 at 6:51 AM, BalaRaju V.
[email protected] wrote:

I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert W.

Rake is not Rack.

praveen_b · February 7, 2013, 2:03pm

Thank you Jordon

On Thu, Feb 7, 2013 at 6:23 PM, Jordon B. [email protected]
wrote:

To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

–