Diff
Modified: trunk/config/default_settings.yml (2845 => 2846)
--- trunk/config/default_settings.yml 2011-11-28 12:55:20 UTC (rev 2845)
+++ trunk/config/default_settings.yml 2011-11-28 14:23:18 UTC (rev 2846)
@@ -330,6 +330,19 @@
secret_word: our_secret_word_that_no_one_knows
+# session store secret - This secret key is used for session store integrity.
+#
+# (see config/initializers/session_store.rb)
+
+session_store_secret: dc9f8b03a18fc2b7fa858bf660d9685f1637ed67c1ff0fd5c39978ec2f22ccca8201b32d89aeada76722b4ee5fa3df9df7400b37995636876a7140f0382231ef
+
+# cookie verifier secret - This secret key is used to verify cookie session
+# data integrity.
+#
+# (see config/initializers/cookie_verification_secret.rb)
+
+cookie_verifier_secret: 64a59b43e7aa93e55a5db119180a2973b584555f71e87388de5c27682407987446a0293dab64f5913cb19ead617893546b3646c98672905a38e6dfbfb5871034
+
# google_web_analytics - Enable this to enable Google web analytics.
google_web_analytics:
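Review bot: The two values added for `session_store_secret` and `cookie_verifier_secret` are the same literals that the removed lines in `session_store.rb` and `cookie_verification_secret.rb` carried, so the signing keys stay in version control and are shared by every installation that keeps the defaults. Anyone who can read the repository can compute signatures that pass the session and cookie integrity checks, so these values should be treated as already disclosed and replaced on every running deployment. I would ship both keys with no value (`session_store_secret:` and `cookie_verifier_secret:`) and change the comment to say `# Must be set per installation to a unique random value of at least 30 characters; never commit the real value.` Whether a per-installation settings file overrides these defaults is not visible in this hunk, so that needs confirming before the defaults are emptied.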
Modified: trunk/config/initializers/cookie_verification_secret.rb (2845 => 2846)
--- trunk/config/initializers/cookie_verification_secret.rb 2011-11-28 12:55:20 UTC (rev 2845)
+++ trunk/config/initializers/cookie_verification_secret.rb 2011-11-28 14:23:18 UTC (rev 2846)
@@ -4,4 +4,4 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.cookie_verifier_secret = '64a59b43e7aa93e55a5db119180a2973b584555f71e87388de5c27682407987446a0293dab64f5913cb19ead617893546b3646c98672905a38e6dfbfb5871034';
+ActionController::Base.cookie_verifier_secret = Conf.cookie_verifier_secret
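Review bot: Nothing checks the value returned by `Conf.cookie_verifier_secret` before it is assigned, so a settings file that omits the key or leaves it empty would presumably hand the verifier a nil or blank secret without any error at boot. The same applies to `:secret => Conf.session_store_secret` in the `session_store.rb` hunk. A fail-fast guard ahead of the assignment would make the misconfiguration visible, for example `raise 'cookie_verifier_secret must be set to at least 30 random characters' if Conf.cookie_verifier_secret.to_s.length < 30`, which matches the 30-character minimum stated in the comment above. What `fetch_entry` returns for a missing key is not shown here, so the exact failure mode is inferred.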
Modified: trunk/config/initializers/session_store.rb (2845 => 2846)
--- trunk/config/initializers/session_store.rb 2011-11-28 12:55:20 UTC (rev 2845)
+++ trunk/config/initializers/session_store.rb 2011-11-28 14:23:18 UTC (rev 2846)
@@ -5,8 +5,8 @@
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
ActionController::Base.session = {
- :key => '_empty2311_session',
- :secret => 'dc9f8b03a18fc2b7fa858bf660d9685f1637ed67c1ff0fd5c39978ec2f22ccca8201b32d89aeada76722b4ee5fa3df9df7400b37995636876a7140f0382231ef'
+ :key => 'myexperiment_session',
+ :secret => Conf.session_store_secret
}
# Use the database for sessions instead of the cookie-based default,
Modified: trunk/lib/conf.rb (2845 => 2846)
--- trunk/lib/conf.rb 2011-11-28 12:55:20 UTC (rev 2845)
+++ trunk/lib/conf.rb 2011-11-28 14:23:18 UTC (rev 2846)
@@ -169,6 +169,14 @@
self.fetch_entry('recaptcha_private')
end
+ def self.session_store_secret
+ self.fetch_entry('session_store_secret')
+ end
+
+ def self.cookie_verifier_secret
+ self.fetch_entry('cookie_verifier_secret')
+ end
+
def self.layouts
#TODO: Perhaps implement code that can load different/extra settings files based on current environment
layouts = self.fetch_entry('layouts')
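Review bot: The new accessors `session_store_secret` and `cookie_verifier_secret` have no comment marking their return values as signing keys, so they read like any other setting next to `layouts`. I would add a line above each, such as `# Signing key for the session cookie; set per installation, never log or render this value.`, and the equivalent for the cookie verifier. If `Conf` has any code path that dumps or displays all settings (not visible in this hunk), these two entries should be excluded from it.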