Two Bugfixes

Make session secret persist across restarts. (Been meaning to do this for
a while: no more "stale cookie" warnings after restarting the server.)

Avoid cookie overflow in session store.
Jacques Distler 2008-09-01 15:35:34 -05:00
parent 35d34f36d5
commit e43c9429c0
2 changed files with 14 additions and 15 deletions


@ -266,7 +266,6 @@ class WikiController < ApplicationController
rescue => e
flash[:error] = e
logger.error e
flash[:content] = the_content
if @page
@page.unlock
redirect_to :action => 'edit', :web => @web_name, :id => @page_name
@ -286,7 +285,7 @@ class WikiController < ApplicationController
# the application itself (for application errors, it's better not to rescue the error at all)
rescue => e
logger.error e
flash[:error] = e.message
flash[:error] = e
if in_a_web?
redirect_to :action => 'edit', :web => @web_name, :id => @page_name
else
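Review bot: Storing the exception object itself in the flash (`flash[:error] = e`, which appears in both rescue branches) puts a marshalled exception into the session. With the cookie-backed session that the `:secret` setting in this commit appears to configure, that data is held by the client, signed rather than encrypted as far as I can tell, and it counts against the cookie size limit this commit is trying to stay under. The rendered page does not mark which of `flash[:error] = e.message` and `flash[:error] = e` is the new side in the second hunk, so the point applies to whichever branch keeps the bare `e`. Storing only a string, `flash[:error] = e.to_s`, keeps the payload small and avoids serialising anything beyond the message (the dump likely carries the backtrace as well). Both rescue clauses belong to methods whose bodies start and end outside the hunks.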


@ -14,20 +14,20 @@ require 'rails_generator/secret_key_generator'
Rails::Initializer.run do |config|
# Secret session key
generator = Rails::SecretKeyGenerator.new("Instiki")
# The secret session key is automatically generated, and stored
# in a file, for reuse between server restarts. If you want to
# change the key, just delete the file, and it will be regenerated
# on the next restart. Doing so will invalitate all existing sessions.
secret_file = File.join(RAILS_ROOT, "secret")
if File.exist?(secret_file)
secret = File.read(secret_file)
else
secret = Rails::SecretKeyGenerator.new("Instiki").generate_secret
File.open(secret_file, 'w', 0600) { |f| f.write(secret) }
end
config.action_controller.session = {
:session_key => "instiki_session",
#####
### This one generates a secret key automatically at launch.
### advantage: secure, no configuration necessary
### disadvantage: restart the server, and all existing
### session keys become invalid.
:secret => generator.generate_secret
###
### Alternatively, you can set your own unchanging secret key
### by editing and then uncommenting the following line, instead:
# : secret => "a_very_long_string_of_random_letter_and_numbers"
#####
:secret => secret
}
# Don't do file system STAT calls to check to see if the templates have changed.
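Review bot: The check-then-create sequence (`File.exist?(secret_file)` followed by `File.open(secret_file, 'w', 0600)`) is not atomic, so two server processes starting together can each generate a secret and one of them ends up signing sessions with a key that is no longer on disk. Mode `'w'` also truncates or follows whatever already sits at that path, and the `0600` argument only takes effect when the file is newly created. Creating the file exclusively, `File.open(secret_file, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write(secret) }`, and falling back to `File.read` on `Errno::EEXIST` closes that window. The read path accepts whatever the file holds, so an empty or truncated file should be rejected or regenerated rather than passed on as `:secret`, and the comment above it should say that the file is a credential to keep out of version control and backups. The `Rails::Initializer.run` block continues outside the hunk.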