1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

[ci skip] Prefer cookies.encrypted over signed (#30129)

In some examples and guides we are recommending to use code like:

```ruby
verified_user = User.find_by(id: cookies.signed[:user_id])
```

My suggestion is to use instead:

```ruby
verified_user = User.find_by(id: cookies.encrypted[:user_id])
```

which invites users to prefer the "newer" encrypted cookies over the
"legacy" signed cookies.
This commit is contained in:
Claudio B 2017-08-07 20:32:03 -07:00 committed by David Heinemeier Hansson
parent 7c89948c41
commit af954ddd54
4 changed files with 4 additions and 4 deletions

View file

@ -53,7 +53,7 @@ module ApplicationCable
private
def find_verified_user
if verified_user = User.find_by(id: cookies.signed[:user_id])
if verified_user = User.find_by(id: cookies.encrypted[:user_id])
verified_user
else
reject_unauthorized_connection

View file

@ -26,7 +26,7 @@ module ActionCable
#
# private
# def find_verified_user
# User.find_by_identity(cookies.signed[:identity_id]) ||
# User.find_by_identity(cookies.encrypted[:identity_id]) ||
# reject_unauthorized_connection
# end
# end

View file

@ -33,7 +33,7 @@ module ActiveSupport
#
# private
# def authenticate
# if authenticated_user = User.find_by(id: cookies.signed[:user_id])
# if authenticated_user = User.find_by(id: cookies.encrypted[:user_id])
# Current.user = authenticated_user
# else
# redirect_to new_session_url

View file

@ -64,7 +64,7 @@ module ApplicationCable
private
def find_verified_user
if verified_user = User.find_by(id: cookies.signed[:user_id])
if verified_user = User.find_by(id: cookies.encrypted[:user_id])
verified_user
else
reject_unauthorized_connection