Diffstat (limited to 'config')
-rw-r--r-- | config/environment.rb | 9 | ||||
-rw-r--r-- | config/general.yml-example | 6 | ||||
-rw-r--r-- | config/initializers/session_store.rb | 17 |
3 files changed, 23 insertions, 9 deletions
diff --git a/config/environment.rb b/config/environment.rb
index ec6a4096f..a40c2df4e 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -61,15 +61,6 @@ Rails::Initializer.run do |config|
 config.gem 'routing-filter'
 config.gem 'will_paginate', :version => '~> 2.3.11', :source => 'http://gemcutter.org'
 #GettextI18nRails.translations_are_html_safe = true
- # Your secret key for verifying cookie session data integrity.
- # If you change this key, all old sessions will become invalid!
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks.
- config.action_controller.session = {
- :key => '_wdtk_cookie_session',
- :secret => MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development')
- }
- config.action_controller.session_store = :cookie_store
 # Use SQL instead of Active Record's schema dumper when creating the test database.
 # This is necessary if your schema can't be completely dumped by the schema dumper,
diff --git a/config/general.yml-example b/config/general.yml-example
index 60a527302..fb2afd336 100644
--- a/config/general.yml-example
+++ b/config/general.yml-example
@@ -87,3 +87,9 @@ STAGING_SITE: 1
 RECAPTCHA_PUBLIC_KEY: 'x'
 RECAPTCHA_PRIVATE_KEY: 'x'
+# For debugging memory problems. If true, the app logs
+# the memory use increase of the Ruby process due to the
+# request (Linux only). Since Ruby never returns memory to the OS, if the
+# existing process previously served a larger request, this won't
+# show any consumption for the later request.
+DEBUG_RECORD_MEMORY: false
\ No newline at end of file
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
new file mode 100644
index 000000000..9ef2dddc1
--- /dev/null
+++ b/config/initializers/session_store.rb
@@ -0,0 +1,17 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+
+ActionController::Base.session = {
+ :key => '_wdtk_cookie_session',
+ :secret => MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", 'this default is insecure as code is open source, please override for live sites in config/general; this will do for local development')
+}
+ActionController::Base.session_store = :cookie_store
+
+# Insert a bit of middleware code to prevent uneeded cookie setting.
+require "#{RAILS_ROOT}/lib/whatdotheyknow/strip_empty_sessions"
+ActionController::Dispatcher.middleware.insert_before ActionController::Base.session_store, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true
+
|
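Review bot: The fallback passed to `MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", ...)` in the new initializer is a string published in the repository, so a live site that omits the setting signs `_wdtk_cookie_session` with a publicly known key and the cookie integrity check stops protecting anything. The initializer should refuse to boot a production site without the setting: read it with `secret = MySociety::Config.get("COOKIE_STORE_SESSION_SECRET", nil)` and follow with `raise "COOKIE_STORE_SESSION_SECRET is not set in config/general" if secret.nil? && RAILS_ENV == 'production'`, keeping the development default only for the other environments. The session hash sets no `:secure` option and `:httponly => true` appears only in the middleware arguments; whether the session cookie itself carries those flags depends on framework defaults not visible here, so setting them explicitly would be safer for HTTPS deployments. The cookie name `'_wdtk_cookie_session'` is written twice and the middleware only works while both copies match, so a single local variable would remove that trap.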