What is the best way to read the Rails session secret?

9
votes

I would like to access the Rails session secret programmatically (I am using it to generate a sign-on token).

Here's what I've come up with:

ActionController::Base.session.first[:secret]

This returns the session secret. However, every time you call ActionController::Base.session it adds another entry to an array so you end up with something like this:

[{:session_key=>"_new_app_session", :secret=>"totally-secret-you-guys"}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]

This strikes me as being no good.

Is there a better way to access the session secret?

5
ruby-on-railsrubysession

5 Answers

12
votes

For Rails4

Rails.configuration.secret_token
Rails.configuration.secret_key_base

For Rails3

Rails.configuration.secret_token

But if for Rails2.x, like Don Parish mentioned

ActionController::Base.session_options[:secret]
4
votes

Thanks, Jake.

Since the secret doesn't change based on the request or the action, this also works:

ActionController::Base.session_options_for(nil,nil)[:secret]
2
votes
ActionController::Base.session_options_for(request,params[:action])[:secret]
1
votes

For Rails 2.3, I've used:

ActionController::Base.session_options[:secret]
0
votes

For Rails 3, Rails.configuration is same to Rails.application.config, so Rails.configuration.secret_token acts just as what choonkeat provided.