Read more

Fix warning: No secret option provided to Rack::Session::Cookie

Henning Koch
January 08, 2013Software engineer at makandra GmbH
Say thanks9

You will get this when you are using the latest version of Rails with a recent version of Rack:

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Illustration web development

Do you need DevOps-experts?

Your development team has a full backlog? No time for infrastructure architecture? Our DevOps team is ready to support you!

  • We build reliable cloud solutions with Infrastructure as code
  • We are experts in security, Linux and databases
  • We support your dev team to perform
Read more Show archive.org snapshot

The warning is caused by Rails calling Rack incorrectly. It is unclear Show archive.org snapshot when this is going to be fixed in Rails. If it will be fixed, I guess it will be for Rails 4 only.

The best workaround right now is to lock your version of rack at version 1.4.1.

License for source code
Posted by Henning Koch to makandra dev (2013-01-08 13:55)
This website uses short-lived cookies to improve usability.
or learn more