Read more

Fix warning: No secret option provided to Rack::Session::Cookie

Henning Koch
January 08, 2013Software engineer at makandra GmbH
Say thanks9

You will get this when you are using the latest version of Rails with a recent version of Rack:

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Illustration UI/UX Design

UI/UX Design by makandra brand

We make sure that your target audience has the best possible experience with your digital product. You get:

  • Design tailored to your audience
  • Proven processes customized to your needs
  • An expert team of experienced designers
Read more Show archive.org snapshot

The warning is caused by Rails calling Rack incorrectly. It is unclear Show archive.org snapshot when this is going to be fixed in Rails. If it will be fixed, I guess it will be for Rails 4 only.

The best workaround right now is to lock your version of rack at version 1.4.1.

License for source code
Posted by Henning Koch to makandra dev (2013-01-08 13:55)
This website uses short-lived cookies to improve usability.
or learn more