Defect #12755

closed

Rack SECURITY WARNING: No secret option provided to Rack::Session::Cookie.

Added by Terence Mill almost 12 years ago. Updated almost 12 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Gems support
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Wont fix
Affected version:

Description

/home/user/.rvm/rubies/jruby-1.7.0/bin/jruby --1.9 -e $stdout.sync=true;$stderr.sync=true;load($0=ARGV.shift) /home/user/redmine-2.2/script/rails server -b 172.16.107.48 -p 3000 -e production
=> Booting WEBrick
=> Rails 3.2.10 application starting in production on http://localhost:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
/home/usre/redmine-2.2/lib/redmine.rb:26 warning: already initialized constant FCSV

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Called from: /home/user/.rvm/gems/jruby-1.7.0/gems/actionpack-3.2.10/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize'.

[2013-01-07 15:12:01] INFO WEBrick 1.3.1
[2013-01-07 15:12:01] INFO ruby 1.9.3 (2012-11-28) [java]
[2013-01-07 15:12:01] INFO WEBrick::HTTPServer#start: pid=17280 port=3000

See also http://stackoverflow.com/questions/10374871/no-secret-option-provided-to-racksessioncookie-warning
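
Added example (not part of the original report and not Rack's or Redmine's own code): a minimal sketch of what the secret in the warning is for. The server appends an HMAC of the cookie payload and refuses any cookie whose digest does not verify. The helper names, the JSON payload, HMAC-SHA256 and the secret value are assumptions chosen for illustration.

```ruby
require "openssl"
require "json"

# Constructed demo value; a real secret is long, random and kept out of source control.
DEMO_SECRET = "constructed-demo-secret-not-for-production"

# Hypothetical helper: hex HMAC-SHA256 of the encoded payload.
def sign(payload, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Compare two strings without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Cookie value layout used here: "<base64 payload>--<hex digest>".
def encode_session(session, secret)
  payload = [JSON.generate(session)].pack("m0") # strict base64, no newlines
  "#{payload}--#{sign(payload, secret)}"
end

# Returns the session hash, or nil when the cookie is unsigned,
# malformed, or signed with a different secret.
def decode_session(cookie, secret)
  payload, digest = cookie.to_s.split("--", 2)
  return nil if payload.nil? || digest.nil?
  return nil unless secure_compare(digest, sign(payload, secret))
  JSON.parse(payload.unpack1("m0")) # raises ArgumentError on invalid base64
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed case: the payload is swapped but the old digest is kept.
def swap_payload(cookie, new_session)
  _, digest = cookie.split("--", 2)
  "#{[JSON.generate(new_session)].pack('m0')}--#{digest}"
end

if __FILE__ == $0
  cookie = encode_session({ "user_id" => 7 }, DEMO_SECRET)
  p decode_session(cookie, DEMO_SECRET)
  p decode_session(swap_payload(cookie, { "user_id" => 1 }), DEMO_SECRET)
end
```

Without a secret there is no digest to check, so the server has no way to tell a cookie it issued from one edited on the client.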
