Defect #12755
closed
Rack SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
Description
/home/user/.rvm/rubies/jruby-1.7.0/bin/jruby --1.9 -e $stdout.sync=true;$stderr.sync=true;load($0=ARGV.shift) /home/user/redmine-2.2/script/rails server -b 172.16.107.48 -p 3000 -e production
=> Booting WEBrick
=> Rails 3.2.10 application starting in production on http://localhost:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
/home/usre/redmine-2.2/lib/redmine.rb:26 warning: already initialized constant FCSV
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: /home/user/.rvm/gems/jruby-1.7.0/gems/actionpack-3.2.10/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize'.
[2013-01-07 15:12:01] INFO WEBrick 1.3.1
[2013-01-07 15:12:01] INFO ruby 1.9.3 (2012-11-28) [java]
[2013-01-07 15:12:01] INFO WEBrick::HTTPServer#start: pid=17280 port=3000
See also http://stackoverflow.com/questions/10374871/no-secret-option-provided-to-racksessioncookie-warning
Updated by Etienne Massip almost 12 years ago
Did you rake generate_secret_token as explained in RedmineInstall?
Updated by Jack S. almost 12 years ago
It's a Rails/Rack issue: https://github.com/rails/rails/issues/7372 and does not depend on the Rails secret session token.
Updated by Etienne Massip almost 12 years ago
- Status changed from New to Closed
- Resolution set to Wont fix
Sorry, missed that. Closed as such.
Updated by Etienne Massip almost 12 years ago
- Category changed from Code cleanup/refactoring to Gems support
Updated by Etienne Massip almost 12 years ago
FWIW this warning should be removed with next releases and upgrade to latest Rails version.