if cookie is tampered with then nil is returned [ci skip]

if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned.
2022-11-09 12:12:34 -05:00 · 2013-03-25 09:40:57 -04:00 · 2013-03-25 09:40:57 -04:00 · d36cfa2231
commit d36cfa2231
parent 8caafd9076
1 changed files with 2 additions and 4 deletions
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@ -115,8 +115,7 @@ module ActionDispatch

      # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
      # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
-      # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
-      # be raised.
+      # cookie was tampered with by the user (or a 3rd party), nil will be returned.
      #
      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
      #
@ -142,8 +141,7 @@ module ActionDispatch
      end

      # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
-      # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
-      # will be raised.
+      # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
      #
      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
      #