Two Bugfixes
Make session secret persist across restarts. (Been meaning to do this for a while: no more "stale cookie" warnings fter restarting the server. Avoid cookie overflow in session store.
This commit is contained in:
parent
35d34f36d5
commit
e43c9429c0
2 changed files with 14 additions and 15 deletions
|
@ -266,7 +266,6 @@ class WikiController < ApplicationController
|
|||
rescue => e
|
||||
flash[:error] = e
|
||||
logger.error e
|
||||
flash[:content] = the_content
|
||||
if @page
|
||||
@page.unlock
|
||||
redirect_to :action => 'edit', :web => @web_name, :id => @page_name
|
||||
|
@ -286,7 +285,7 @@ class WikiController < ApplicationController
|
|||
# the application itself (for application errors, it's better not to rescue the error at all)
|
||||
rescue => e
|
||||
logger.error e
|
||||
flash[:error] = e.message
|
||||
flash[:error] = e
|
||||
if in_a_web?
|
||||
redirect_to :action => 'edit', :web => @web_name, :id => @page_name
|
||||
else
|
||||
|
|
|
@ -14,20 +14,20 @@ require 'rails_generator/secret_key_generator'
|
|||
Rails::Initializer.run do |config|
|
||||
|
||||
# Secret session key
|
||||
generator = Rails::SecretKeyGenerator.new("Instiki")
|
||||
# The secret session key is automatically generated, and stored
|
||||
# in a file, for reuse between server restarts. If you want to
|
||||
# change the key, just delete the file, and it will be regenerated
|
||||
# on the next restart. Doing so will invalitate all existing sessions.
|
||||
secret_file = File.join(RAILS_ROOT, "secret")
|
||||
if File.exist?(secret_file)
|
||||
secret = File.read(secret_file)
|
||||
else
|
||||
secret = Rails::SecretKeyGenerator.new("Instiki").generate_secret
|
||||
File.open(secret_file, 'w', 0600) { |f| f.write(secret) }
|
||||
end
|
||||
config.action_controller.session = {
|
||||
:session_key => "instiki_session",
|
||||
#####
|
||||
### This one generates a secret key automatically at launch.
|
||||
### advantage: secure, no configuration necessary
|
||||
### disadvantage: restart the server, and all existing
|
||||
### session keys become invalid.
|
||||
:secret => generator.generate_secret
|
||||
###
|
||||
### Alternatively, you can set your own unchanging secret key
|
||||
### by editing and then uncommenting the following line, instead:
|
||||
# : secret => "a_very_long_string_of_random_letter_and_numbers"
|
||||
#####
|
||||
:session_key => "instiki_session",
|
||||
:secret => secret
|
||||
}
|
||||
|
||||
# Don't do file system STAT calls to check to see if the templates have changed.
|
||||
|
|
Loading…
Reference in a new issue