use encrypted cookies on new installations

2014-01-16 13:01:11 +01:00 · 2014-01-16 13:01:11 +01:00 · ab514d7eb6
commit ab514d7eb6
parent 7841245795
4 changed files with 8 additions and 4 deletions
--- a/config/initializers/secret_token.rb.SAMPLE
+++ b/config/initializers/secret_token.rb.SAMPLE
@ -4,4 +4,7 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Foodsoft::Application.config.secret_token = '2be5574568ff4d270b108399078a8e485b363af84d441d02d2a6fd3fc51a8c015065790b7e414134e6d97ffc40da898a5a12f66f9de6b992b7ea96e7a34839b8'
+Foodsoft::Application.config.secret_key_base = 'you really really need to change me!'
+
+# When you're upgrading from Rails 3, it's ok to keep using `secret_token`.
+# http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html