No secret option provided to Rack::Session::Cookie warning?

Question

I am running Rails 3.2.3, Ruby 1.9 under Fedora 17. I get this warning, when I run rails s, and how do I fix?

SECURITY WARNING: No secre

Answer 1

Reading the discussion based on tehgeekmeisters answer, this warning is popping up as Rails is using Rack cookies in a different way than intended. It should be ok to just ignore this warning for now until there is a final agreement on how to handle this issue and a fix in place.

Answer 2

rails 3.2.9 - ruby 1.9.3p125 (2012-02-16 revision 34643) [i686-linux]

Hello everyone, the following has worked for me, it may work for you.

/usr/local/lib/ruby/gems/1.9.1/gems/actionpack-3.2.9/lib/action_dispatch/middleware/session/abstract_store.rb

module Compatibility
          def initialize(app, options = {})
            options[:key]     ||= '_session_id'
            #fixed warning - SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
            options[:secret] ||= Rails.application.config.secret_token
            super
          end
    end

Answer 3

This issue has been worked around in the just released Rails 3.2.11.

Log: https://github.com/rails/rails/commits/v3.2.11

Commit: https://github.com/rails/rails/commit/95fe9ef945a35f56fa1c3ef356aec4a3b868937c

Answer 4

An issue has been opened in Github https://github.com/rails/rails/issues/8789. It appears that a bug involving Rails 3.2.10 with Rack 1.4.2 is causing this. IMO, it can be safely ignored till the issue is resolved.

EDIT: This issue has been resolved in Rails 3.2.11.

Answer 5

rails update to 3.2.13 ,can solve this question.

Answer 6

This is a Rails bug, as the subclass is violating the superclass API contract.

The warning can be safely ignored by Rails users.

(https://github.com/rack/rack/issues/485#issuecomment-11956708, emphasis added)

Confirmation on the rails bug discussion: https://github.com/rails/rails/issues/7372#issuecomment-11981397