Cookie session store: raise ArgumentError when :session_key is blank.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Cookie session store: raise ArgumentError when :session_key is blank.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6415 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
5219aa90 · Jeremy Kemper · 5bd116cc · 5219aa90 · 5219aa90 · 5219aa90
3 changed file
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
 *SVN*

+* Cookie session store: raise ArgumentError when :session_key is blank.  [Jeremy Kemper]
+
 * Deprecation: remove deprecated request, redirect, and dependency methods. Remove deprecated instance variables. Remove deprecated url_for(:symbol, *args) and redirect_to(:symbol, *args) in favor of named routes. Remove uses_component_template_root for toplevel components directory. Privatize deprecated render_partial and render_partial_collection view methods. Remove deprecated link_to_image, link_image_to, update_element_function, start_form_tag, and end_form_tag helper methods. Remove deprecated human_size helper alias.  [Jeremy Kemper]

 * Consistent public/protected/private visibility for chained methods.  #7813 [Dan Manges]

--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -44,9 +44,14 @@ class TamperedWithCookie < StandardError; end

  # Called from CGI::Session only.
  def initialize(session, options = {})
+    # The session_key option is required.
+    if options['session_key'].blank?
+      raise ArgumentError, 'A session_key is required to write a cookie containing the session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
+    end
+
    # The secret option is required.
    if options['secret'].blank?
-      raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :secret => "some secret phrase" } in config/environment.rb'
+      raise ArgumentError, 'A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
    end

    # Keep the session and its secret on hand so we can read and write cookies.

--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -37,6 +37,12 @@ def setup
    ENV.delete('HTTP_COOKIE')
  end

+  def test_raises_argument_error_if_missing_session_key
+    [nil, ''].each do |blank|
+      assert_raise(ArgumentError, blank.inspect) { new_session 'session_key' => blank }
+    end
+  end
+
  def test_raises_argument_error_if_missing_secret
    [nil, ''].each do |blank|
      assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank }