Closed mperham closed 2 years ago
Not sure what is going wrong here. My guess is that an incorrect version of rack-session is being loaded, because I do not get a warning printed when I run the following from inside a rack-session checkout (with current rack checked out to ../rack):
$ ruby -I lib -I ../rack/lib -r rack/session -rsecurerandom -e "Rack::Session::Cookie.new(nil, secret: SecureRandom.hex(32), same_site: true, max_age: 86400)"
Just in case rackup is involved, I tried the following simple.ru:
secret_key = SecureRandom.hex(32)
use Rack::Session::Cookie, secret: secret_key, same_site: true, max_age: 86400
run{}
and ran it with (with current rackup checked out to ../rackup):
$ ruby -I lib -I ../rack/lib -r securerandom -r rack/session ../rackup/bin/rackup simple.ru
[2022-08-09 08:44:33] INFO WEBrick 1.7.0
[2022-08-09 08:44:33] INFO ruby 3.1.2 (2022-04-12) [x86_64-openbsd]
[2022-08-09 08:44:33] INFO WEBrick::HTTPServer#start: pid=64323 port=9292
As you can see, no warnings displayed.
Any chance your Gemfile is pulling in something else?
Works with latest.
I'm clearly passing a :secret and the internal logic of secure? seems to have nothing to do with :secret so I think there's some legacy cruft here.