You might have found this already:
in config/environments/development.rb
Merb::Config.use { |c|
c[:ignore_tampered_cookies] = true
Then search on ignore_tampered_cookies which will find
cookie.rb where TamperedWithCookie exception is raised.
HTH,
Roy
On Jan 19, 2009, at 1:58 AM, Jon Hancock wrote:
>
> now I've pushed some more code into production and retested. In
> production mode I get a proper "Tampered with cookie" error. In
> development mode, it seems to be blissfully ignoring the fact that my
> session_secret_key has changed.
>
> This isn't a serious security problem. Now I need to figure out how
> to deal with the production error. The default behavior of showing
> the end user a merb exception page isn't very interesting. What I
> want is to simply throw away the old cookie as it isn't actually
> tampered with.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"merb" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/merb?hl=en
-~----------~----~----~----~------~----~------~--~---
