Merge remote-tracking branch 'openaustralia_github/rails_3_cookies_prefix' into rails-3-develop

author: Louise Crow <louise.crow@gmail.com> 2013-05-13 16:31:29 +0100
committer: Louise Crow <louise.crow@gmail.com> 2013-05-13 16:31:29 +0100
commit: 2c5cd290382d538f275bdc4c3364c48e791844d6 (patch)
tree: 5fe53030c7e269e0b3d79f151d36211ce09ded7a
parent: 1908adffcf39e2639925bddfc3b912c9e08d0162 (diff)
parent: df348ce77c51334e059f9ede70aca67524bdcbd5 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index f82348169..d120b94ae 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -4,4 +4,9 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Alaveteli::Application.config.secret_token = AlaveteliConfiguration::cookie_store_session_secret
+
+# Just plopping an extra character on the secret_token so that any sessions on upgrading from
+# Rails 2 to Rails 3 version of Alaveteli are invalidated.
+# See http://blog.carbonfive.com/2011/03/19/rails-3-upgrade-tip-invalidate-session-cookies/
+
+Alaveteli::Application.config.secret_token = "3" + AlaveteliConfiguration::cookie_store_session_secret
author	Louise Crow <louise.crow@gmail.com>	2013-05-13 16:31:29 +0100
committer	Louise Crow <louise.crow@gmail.com>	2013-05-13 16:31:29 +0100
commit	2c5cd290382d538f275bdc4c3364c48e791844d6 (patch)
tree	5fe53030c7e269e0b3d79f151d36211ce09ded7a
parent	1908adffcf39e2639925bddfc3b912c9e08d0162 (diff)
parent	df348ce77c51334e059f9ede70aca67524bdcbd5 (diff)