Various Fixes by jeremyevans · Pull Request #1 · rack/rack-session

added 4 commits

February 22, 2022 20:22
These are the same autoloads previously used when the session
support was included in rack.

Remove the duplicate constant definitions to avoid constant
warnings when rack is also in use (which it must be for this
to work, as parts of rack-session depend on rack).

Previously, :secret was used to store the HMAC secret.  If it is
used, use it as a fallback to set both the encryption secret and
the legacy HMAC secret.

From a cryptographic perspective, it's best to avoid sharing
secrets like this, even though I'm guessing it is not vulnerable
(note: this is not an educated guess).  I think this is better
than completely breaking backwards compatibility.

The best way to handle conversion from legacy HMAC would be to
specify :secrets in addition to :secret (or :legacy_hmac_secret),
then remove :secret/:legacy_hmac_secret after all sessions have
been upgraded.
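To make that upgrade path concrete, the following is an added example (not code from rack-session or from this PR): a small stand-alone Ruby codec in which :secrets holds the encryption keys (first entry encrypts, every entry is tried on decrypt), :legacy_hmac_secret is verify-only, and a lone :secret falls back to seeding both, as the commit message describes. The class name SessionCookieCodec, the 'enc:'/'hmac:' cookie markers, the SHA-256 key derivation, the SHA1 legacy digest and the JSON payload are assumptions made for the example and are not rack-session's real wire format.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example, not rack-session's own code: a minimal cookie codec modelling the secret
# handling in the commit message. `secrets` drives the encrypted format (first entry encrypts,
# every entry is tried on decrypt); `legacy_hmac_secret` only verifies old HMAC-signed cookies
# so they can be re-issued encrypted. Wire format, key derivation and JSON payloads are assumptions.
class SessionCookieCodec
  ENC_PREFIX    = 'enc:'   # assumed marker for the encrypted format
  LEGACY_PREFIX = 'hmac:'  # assumed marker for the old HMAC-only format
  LEGACY_DIGEST = 'SHA1'   # digest assumed for the legacy HMAC
  # The fallback from the commit: a lone :secret seeds both the secret list and the legacy HMAC secret.
  def self.from_options(secrets: nil, secret: nil, legacy_hmac_secret: nil)
    secrets ||= [secret] if secret
    legacy_hmac_secret ||= secret
    new(secrets: secrets, legacy_hmac_secret: legacy_hmac_secret)
  end

  def initialize(secrets:, legacy_hmac_secret: nil)
    raise ArgumentError, 'secrets must be a non-empty array' if secrets.nil? || secrets.empty?
    @secrets = secrets
    @legacy_hmac_secret = legacy_hmac_secret
  end

  # Encrypt with the current (first) secret: AES-256-GCM under a fresh random nonce.
  def encode(session)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = derive_key(@secrets.first)
    iv = cipher.random_iv
    ciphertext = cipher.update(JSON.generate(session)) + cipher.final
    ENC_PREFIX + Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Returns [session, reissue]; reissue is true when the cookie was accepted through an
  # older entry of `secrets` or the legacy HMAC secret, so the caller should re-encode it.
  def decode(cookie)
    if cookie.start_with?(ENC_PREFIX)
      @secrets.each_with_index do |secret, i|
        session = decrypt(cookie.delete_prefix(ENC_PREFIX), derive_key(secret))
        return [session, i != 0] if session
      end
    elsif @legacy_hmac_secret && cookie.start_with?(LEGACY_PREFIX)
      session = verify_legacy(cookie.delete_prefix(LEGACY_PREFIX))
      return [session, true] if session
    end
    [nil, false]
  end

  # Old HMAC-only format; used here only to simulate sessions issued before the upgrade.
  def legacy_encode(session)
    raise ArgumentError, 'legacy_hmac_secret not configured' unless @legacy_hmac_secret
    data = Base64.strict_encode64(JSON.generate(session))
    LEGACY_PREFIX + data + '--' + OpenSSL::HMAC.hexdigest(LEGACY_DIGEST, @legacy_hmac_secret, data)
  end

  private

  def derive_key(secret)
    OpenSSL::Digest.digest('SHA256', secret) # simplification; a salted KDF is preferable
  end

  def decrypt(b64, key)
    raw = Base64.strict_decode64(b64)
    return nil if raw.bytesize <= 28 # 12-byte nonce + 16-byte tag + at least one byte
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    JSON.parse((cipher.update(raw[28..]) + cipher.final).force_encoding('UTF-8'))
  rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
    nil # wrong key or tampered cookie
  end

  def verify_legacy(body)
    data, mac = body.split('--', 2)
    return nil if data.nil? || mac.nil?
    expected = OpenSSL::HMAC.hexdigest(LEGACY_DIGEST, @legacy_hmac_secret, data)
    return nil unless secure_compare(expected, mac)
    JSON.parse(Base64.strict_decode64(data))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  # Constant-time comparison so the MAC check does not leak through timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Upgrade path from the commit message: before (:secret only), during (:secrets plus
# :legacy_hmac_secret), after (legacy secret removed). Returns a check => pass hash.
def migration_walkthrough(session = { 'user_id' => 42 })
  before = SessionCookieCodec.from_options(secret: 'old-hmac-secret')
  during = SessionCookieCodec.from_options(secrets: ['new-secret'], legacy_hmac_secret: 'old-hmac-secret')
  after  = SessionCookieCodec.from_options(secrets: ['new-secret'])
  legacy_cookie = before.legacy_encode(session)
  migrated, reissue = during.decode(legacy_cookie)
  upgraded_cookie = during.encode(migrated)
  {
    legacy_accepted_and_flagged: migrated == session && reissue,
    upgraded_is_current: during.decode(upgraded_cookie) == [session, false],
    legacy_rejected_after: after.decode(legacy_cookie) == [nil, false],
    upgraded_valid_after: after.decode(upgraded_cookie) == [session, false],
    tampered_legacy_rejected: during.decode(legacy_cookie.sub('--', '--0')) == [nil, false]
  }
end
```

Every value in the hash returned by migration_walkthrough is true: a legacy HMAC cookie is accepted only while :legacy_hmac_secret is configured, it comes back flagged for re-issue so the middleware can write it out encrypted, and once the legacy secret is removed only the encrypted form is still valid. The same reissue flag covers rotation inside :secrets, so a cookie encrypted under an older entry is upgraded to the current one on its next request.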


FNM_DOTMATCH is not needed (no additional files would match with
it).  base keyword is what breaks CI on Ruby 2.4, and is not needed
as the gem is generally built already in the same directory as the
gemspec.
