I am new to Rails 4, and do not understand the use of secret_key_base under config/secrets.yml in Rails 4. Can you please explain this concept?
In Rails 4, if your app is called Hello, and you set session['a'] = 'b', your cookie will look something like this:
_Hello_session=BAh7B0kiD3%3D%3D--dc40a55cd52fe32bb3b84ae0608956dfb5824689
which translates into:
_Hello_session=<encrypted a=b>--<digital signature>
Cookies are set by the server and kept client side, with the browser resending set cookies to the server every time we request a page.
To prevent evil people from understanding the a=b string, it's encrypted.
To prevent evil people from tampering with cookies, a digital signature is used.
In both cases the secret_key_base value is used (to encrypt/decrypt a=b and to validate the digital signature).
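
The scheme the answer describes, as an added example that is not part of the original post and is not Rails' own code: it derives separate encryption and signing keys from one secret_key_base, then seals and opens a session cookie, rejecting any value that was altered or sealed with a different secret. The salts, PBKDF2 parameters, JSON serialization, helper names and sample secret are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed sample secret; a real app reads its own from config/secrets.yml.
SECRET_KEY_BASE = "constructed-sample-secret-not-for-production-use"

# Derive an independent 32-byte key from the one secret (salt and parameters are illustrative).
def derive_key(secret, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 1000, 32, OpenSSL::Digest.new("SHA256"))
end

# HMAC over the encoded ciphertext, keyed with the signing key.
def sign(data, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), derive_key(secret, "signed cookie"), data)
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Encrypt the session hash, then sign the result: "<encrypted data>--<digital signature>".
def seal_session(session, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = derive_key(secret, "encrypted cookie")
  iv = cipher.random_iv
  data = [iv + cipher.update(JSON.generate(session)) + cipher.final].pack("m0") # strict Base64
  "#{data}--#{sign(data, secret)}"
end

# Verify the signature before decrypting; return nil for anything not sealed with this secret.
def open_session(cookie, secret)
  data, sig = cookie.to_s.split("--", 2)
  return nil if data.nil? || sig.nil?
  return nil unless secure_equal?(sig, sign(data, secret))
  raw = data.unpack1("m0")
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = derive_key(secret, "encrypted cookie")
  cipher.iv = raw[0, 16]
  JSON.parse(cipher.update(raw[16..-1]) + cipher.final)
end

cookie = seal_session({ "a" => "b" }, SECRET_KEY_BASE)
puts "_Hello_session=#{cookie}"
```

Because every key comes from the one secret, changing secret_key_base makes all previously issued cookies fail verification, and anyone who learns it can both read and forge sessions.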