SECURITY WARNING: No secret option provided to Rack::Session::Cookie.

11155 · February 5, 2013, 6:19am

I am getting following warning while generating model, how to get rid of this warning and what is cause for this warning. I am using rails 3.2.8

SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies.

Thank you.

Frederick_Cheung · February 5, 2013, 9:44am

Normally you’d have

YourApplication::Application.config.secret_token = ‘long random string’

in an initializer, which rails should then pass through to rack. You can use rake secret to generate such a token.

Fred

11155 · February 6, 2013, 11:53pm

Frederick Cheung wrote in post #1095286:

BalaRaju_Vankala · February 7, 2013, 12:51pm

I got the same Problem. My Rake Version 10.0.3. Thank you Mr.Robert Walker

Jordon_Bedwell · February 7, 2013, 12:53pm

Rake is not Rack.

BalaRaju_Vankala · February 7, 2013, 1:02pm

Thank you Jordon

Topic		Replies	Views
Cookie session security and open-source rubyonrails-core	12	223	August 12, 2008
protect_from_forgery(secret) and config.action_controller.session_store rubyonrails-core	4	178	September 2, 2008
Security Expose: Assume folks have seen this - rubyonrails-core	5	254	December 21, 2012
'rake routes' gives error rubyonrails-talk	2	102	October 18, 2007
Rails 3 (latest git): "Missing cookie signing secret" rubyonrails-core	5	202	April 12, 2010

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.

Related topics

More Resources