Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically...

Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically secure secret key for use with cookie sessions. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically...
Introduce (in /Users/jeremy/rails/git/trunk) to output a crytographically secure secret key for use with cookie sessions. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8400 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
70117b02 · Jeremy Kemper · 887870f2 · 70117b02 · 70117b02 · 70117b02
3 changed file
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -34,6 +34,9 @@
 #             defaults to 'SHA1' but may be any digest provided by OpenSSL,
 #             such as 'MD5', 'RIPEMD160', 'SHA256', etc.
 #
+# To generate a secret key for an existing application, run
+# `rake generate:secret` and set the key in config/environment.rb
+#
 # Note that changing digest or secret invalidates all existing sessions!
 class CGI::Session::CookieStore
  # Cookies can typically store 4096 bytes.

--- a/railties/CHANGELOG
+++ b/railties/CHANGELOG
 *SVN*

+* Introduce `rake generate:secret` to output a crytographically secure secret key for use with cookie sessions.  #xxxx [update from Trac]
+
 * Fixed that local database creation should consider 127.0.0.1 local #9026 [parcelbrat]

 * Fixed that functional tests generated for scaffolds should use fixture calls instead of hard-coded IDs #10435 [boone]

--- a/railties/lib/tasks/misc.rake
+++ b/railties/lib/tasks/misc.rake
 task :default => :test
 task :environment do
  require(File.join(RAILS_ROOT, 'config', 'environment'))
-end
\ No newline at end of file
+end
+
+require 'rails_generator/secret_key_generator'
+namespace :generate do
+  desc 'Generate a crytographically secure secret key. This is typically used to generate a secret for cookie sessions. Pass a unique identifier to the generator using ID="some unique identifier" for greater security.'
+  task :secret do
+    puts Rails::SecretKeyGenerator.new(ENV['ID']).generate_secret
+  end
+end