rack / rack-session

MIT License

Fix `auth_tag` retrieval on JRuby #32

Closed jcmfernandes closed 8 months ago

jcmfernandes commented 8 months ago

Address the issue reported in https://github.com/rack/rack-session/pull/23#issuecomment-1895468336.

mhenrixon commented 8 months ago

@ioquatix @jcmfernandes, how can I fix the following message after an upgrade?

```
invalid secret: 9, must be >=64
```

I use it in a test for sidekiq-unique-jobs:

```ruby
RSpec.describe SidekiqUniqueJobs::Web do
  include Rack::Test::Methods
  include RSpecHtmlMatchers

  def app
    @app ||= Rack::Builder.new do
      use Rack::Session::Cookie,
          key: "rack.session",
          domain: "foo.com",
          path: "/",
          expire_after: 2_592_000,
          secret: "change_me",
          old_secret: "also_change_me"

      run Sidekiq::Web
    end
  end

  before do
    flush_redis
  end
end
```

I am a little stumped by this, but I figured that rack-session was upgraded as part of upgrading Sinatra when updating Sidekiq 🤦‍♂️🙈

mhenrixon commented 8 months ago

> I am a little stumped by this, but I figured that rack-session was upgraded as part of upgrading Sinatra when updating Sidekiq 🤦‍♂️🙈

Alright, I just needed to make the secrets long enough, and it worked.

jcmfernandes commented 8 months ago

I'm glad you sorted it out @mhenrixon. The error has nothing to do with this PR though. Unlike the cookie-based session management that shipped with rack v2, rack-session (rightfully) requires longer secrets.
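
The fix described in this thread, as an added example that is not code from any participant or from the rack-session project: build the test's cookie options with randomly generated secrets and check their length before they reach `Rack::Session::Cookie`. The helper names and the `SESSION_SECRET` / `SESSION_OLD_SECRET` variable names are hypothetical, and the 64-byte minimum is taken from the error message quoted above.

```ruby
require "securerandom"

# Minimum secret size in bytes, taken from the error message quoted in the
# thread ("invalid secret: 9, must be >=64").
MIN_SECRET_BYTES = 64

# Hypothetical helper: a fresh random secret for one test run.
# SecureRandom.hex(n) returns 2 hex characters per random byte, so the
# default yields a 128-character string.
def generate_session_secret(bytes = MIN_SECRET_BYTES)
  SecureRandom.hex(bytes)
end

# Hypothetical helper: fail fast, naming the option that is too short,
# instead of surfacing the error from deep inside the middleware stack.
def validate_session_secrets!(options)
  %i[secret old_secret].each do |name|
    next unless options.key?(name)

    size = options[name].to_s.bytesize
    if size < MIN_SECRET_BYTES
      raise ArgumentError, "#{name} is #{size} bytes, must be >=#{MIN_SECRET_BYTES}"
    end
  end
  options
end

# Hypothetical helper: the option set from the spec in the thread, with the
# short literals replaced. Secrets come from the environment when set
# (assumed variable names) and are generated otherwise.
# Intended use inside Rack::Builder: use Rack::Session::Cookie, **test_session_options
def test_session_options(env = ENV)
  validate_session_secrets!(
    key: "rack.session",
    domain: "foo.com",
    path: "/",
    expire_after: 2_592_000,
    secret: env.fetch("SESSION_SECRET") { generate_session_secret },
    old_secret: env.fetch("SESSION_OLD_SECRET") { generate_session_secret }
  )
end
```
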