Merged
These are the same autoloads previously used when the session support was included in rack. Remove the duplicate constant definitions to avoid constant warnings when rack is also in use (which it must be for this to work, as parts of rack-session depend on rack).
Previously, :secret was used to store the HMAC secret. If it is used, use it as a fallback to set both the encryption secret and the legacy HMAC secret. From a cryptographic perspective, it's best to avoid sharing secrets like this, even though I'm guessing it is not vulnerable (note: this is not an educated guess). I think this is better than completely breaking backwards compatibility. The best way to handle conversion from legacy HMAC would be to specify :secrets in addition to :secret (or :legacy_hmac_secret), then remove :secret/:legacy_hmac_secret after all sessions have been upgraded.
Contributor
Author
@ioquatix flagging you as reviewer (GitHub UI isn't offering you as an option).
ioquatix
requested changes
Feb 23, 2022
Member
ioquatix
left a comment
LGTM, just some minor discussion points.
FNM_DOTMATCH is not needed (no additional files would match with it). base keyword is what breaks CI on Ruby 2.4, and is not needed as gem is generally built already in the same directory as the gemspec.
ioquatix
reviewed
Feb 23, 2022
Fix autoloading.
Avoid defining constants that conflict with Rack.
Make Rack::Session::Cookie backwards compatible with :secret option.
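The `:secret` fallback and the migration path from the PR description, sketched as an added example (not code from this PR or from rack-session). The helper names, the assumption that `:secrets` holds the encryption keys, and the legacy `payload--hexdigest` HMAC-SHA1 cookie layout are all assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical helper: resolve the options named in the PR description into
# separate encryption and legacy-HMAC secrets, with :secret as the fallback.
def resolve_session_secrets(opts)
  fallback   = opts[:secret]
  encryption = Array(opts[:secrets])
  encryption = [fallback] if encryption.empty? && fallback
  raise ArgumentError, 'no session secret configured' if encryption.empty?

  legacy = opts[:legacy_hmac_secret] || fallback
  {
    encryption: encryption,
    legacy_hmac: legacy,
    # true when one key serves both purposes (the sharing the author advises avoiding)
    shared: !legacy.nil? && encryption.include?(legacy)
  }
end

# Assumed legacy cookie layout for this example: "<payload>--<hex HMAC-SHA1>".
def sign_legacy(payload, secret)
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
  "#{payload}--#{digest}"
end

# Returns the payload when the legacy HMAC verifies, otherwise nil.
def verify_legacy(cookie, secret)
  return nil if secret.nil?

  payload, _sep, digest = cookie.rpartition('--')
  return nil if payload.empty?

  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
  return nil unless digest.bytesize == expected.bytesize

  # Constant-time comparison so the check does not leak how many bytes matched.
  OpenSSL.fixed_length_secure_compare(digest, expected) ? payload : nil
end

# Constructed sample values: a pre-upgrade config and a migrating config.
LEGACY_ONLY = resolve_session_secrets(secret: 'old-hmac-key')
MIGRATING   = resolve_session_secrets(secrets: ['new-enc-key'], secret: 'old-hmac-key')
OLD_COOKIE  = sign_legacy('constructed-session-data', 'old-hmac-key')
```

With only `:secret` set, `shared` is true; adding `:secrets` separates the keys while old cookies still verify against the legacy secret until `:secret` is removed.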