simsicon / weibo_2

A ruby gem for sina weibo oauth2 api, with examples, and it actually works.
MIT License

Suggest setting session secret. #5

Closed imwilsonxu closed 12 years ago

imwilsonxu commented 12 years ago

From Sinatra's doc:

A random secret is generated for you by Sinatra. However, since this secret will change with every start of your application...

Setting a session secret not only increases security, but also prevents Sinatra from regenerating the session every time if you use shotgun or tmp/always_restart.

So, a simple hotfix, in config.ru:

+ set :session_secret, 'i am a secret'
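Review bot: the hard-coded literal 'i am a secret' on this line would be checked into the repository together with config.ru, so the session-signing key is exposed to anyone who can read the source. Suggest reading it from the environment instead, e.g. `set :session_secret, ENV.fetch('SESSION_SECRET')`, and keeping the actual value out of version control.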
simsicon commented 12 years ago

Hi, thanks for giving this suggestion. The purpose of using Sinatra in this example is just to give a clue of integrating weibo_2 into a normal Ruby project; I was not considering Sinatra security or performance. However, since it's an open source project, please feel free to add what you think might improve it and then send a pull request, I will try to merge it if it's proper. Thanks again, I am closing this issue.

imwilsonxu commented 12 years ago

Thanks for your reply.

I just tried the example and found session[:uid] was missing after OAuth. Weird. After some digging, I was pretty sure that the session was regenerated for every request, since I use tmp/always_restart.txt for easier dev.

This could be fixed by either removing always_restart or setting the session secret, so I created an issue which might help others.

Best,
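
The symptom described above (session[:uid] vanishing after every restart) comes down to how a cookie-based session is signed. The following is an added example, not code from weibo_2 or Sinatra: it re-implements the signed-cookie check with Ruby's stdlib and shows that a secret regenerated at each boot invalidates the cookie while a fixed secret keeps it readable. FIXED_SECRET, sign_session, load_session and session_survives_restart? are names chosen here, and the fallback secret value is a constructed stand-in.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# A cookie-based session keeps the data in the cookie itself and signs it
# with an HMAC under the app's session secret. The server trusts the cookie
# only if the HMAC verifies; otherwise it silently starts an empty session,
# which is exactly why session[:uid] appears to "go missing".
def sign_session(secret, session_hash)
  payload = [JSON.generate(session_hash)].pack('m0') # strict base64
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, payload)}"
end

# Constant-time comparison so the signature check does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def load_session(secret, cookie)
  payload, digest = cookie.to_s.split('--', 2)
  return {} if payload.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, payload)
  return {} unless secure_compare(expected, digest)
  JSON.parse(payload.unpack1('m0'))
rescue ArgumentError, JSON::ParserError
  {} # malformed cookie: treat as no session
end

# Constructed stand-in for the configured secret; in a real config.ru it
# should come from the environment, not from a literal committed to the repo.
FIXED_SECRET = ENV.fetch('SESSION_SECRET', 'constructed-dev-only-secret-change-me')

# `boot` is called once per process start and returns that process's secret.
# Request 1 (the OAuth callback) writes the cookie; the app is then restarted
# (tmp/always_restart.txt) and request 2 tries to read the cookie back.
def session_survives_restart?(boot)
  cookie = sign_session(boot.call, { 'uid' => '12345' })
  load_session(boot.call, cookie)['uid'] == '12345'
end

if $PROGRAM_NAME == __FILE__
  puts "random per-boot secret: #{session_survives_restart?(-> { SecureRandom.hex(32) })}" # false
  puts "fixed session_secret:   #{session_survives_restart?(-> { FIXED_SECRET })}"         # true
end
```

With shotgun or always_restart each request is served by a freshly booted process, so the random-secret lambda models exactly that situation.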

simsicon commented 12 years ago

Gotcha, thank you for paying attention.