mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
[ci skip] Prefer cookies.encrypted over signed (#30129)
In some examples and guides we are recommending to use code like: ```ruby verified_user = User.find_by(id: cookies.signed[:user_id]) ``` My suggestion is to use instead: ```ruby verified_user = User.find_by(id: cookies.encrypted[:user_id]) ``` which invites users to prefer the "newer" encrypted cookies over the "legacy" signed cookies.
This commit is contained in:
parent
7c89948c41
commit
af954ddd54
4 changed files with 4 additions and 4 deletions
|
@ -53,7 +53,7 @@ module ApplicationCable
|
|||
|
||||
private
|
||||
def find_verified_user
|
||||
if verified_user = User.find_by(id: cookies.signed[:user_id])
|
||||
if verified_user = User.find_by(id: cookies.encrypted[:user_id])
|
||||
verified_user
|
||||
else
|
||||
reject_unauthorized_connection
|
||||
|
|
|
@ -26,7 +26,7 @@ module ActionCable
|
|||
#
|
||||
# private
|
||||
# def find_verified_user
|
||||
# User.find_by_identity(cookies.signed[:identity_id]) ||
|
||||
# User.find_by_identity(cookies.encrypted[:identity_id]) ||
|
||||
# reject_unauthorized_connection
|
||||
# end
|
||||
# end
|
||||
|
|
|
@ -33,7 +33,7 @@ module ActiveSupport
|
|||
#
|
||||
# private
|
||||
# def authenticate
|
||||
# if authenticated_user = User.find_by(id: cookies.signed[:user_id])
|
||||
# if authenticated_user = User.find_by(id: cookies.encrypted[:user_id])
|
||||
# Current.user = authenticated_user
|
||||
# else
|
||||
# redirect_to new_session_url
|
||||
|
|
|
@ -64,7 +64,7 @@ module ApplicationCable
|
|||
|
||||
private
|
||||
def find_verified_user
|
||||
if verified_user = User.find_by(id: cookies.signed[:user_id])
|
||||
if verified_user = User.find_by(id: cookies.encrypted[:user_id])
|
||||
verified_user
|
||||
else
|
||||
reject_unauthorized_connection
|
||||
|
|
Loading…
Reference in a new issue