Kevin

Reputation: 23634

What is the use of secret_token in rails?

Today I tried out the Rails tutorial and was confused by this part about generating the secret code.

http://ruby.railstutorial.org/chapters/static-pages#top

require 'securerandom'

def secure_token
  token_file = Rails.root.join('.secret')
  if File.exist?(token_file)
    # Use the existing token.
    File.read(token_file).chomp
  else
    # Generate a new token and store it in token_file.
    token = SecureRandom.hex(64)
    File.write(token_file, token)
    token
  end
end

SampleApp::Application.config.secret_token = secure_token

Can anyone explain to me what the need for this file is? What is the purpose of this 64 bit generated secret string?

Upvotes: 0

Views: 244

Answers (1)

rudolph9

Reputation: 8129

As it says in the comments of that file:

Your secret key is used for verifying the integrity of signed cookies.

Signed cookies are used to store session info or whatever else you want to allocate to a user and only that user.

See here for more info on sessions and cookies.

Upvotes: 2
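
The integrity check the answer describes, as an added example (not code from the tutorial or from Rails): the server appends an HMAC keyed with the secret to the cookie data and rejects any cookie whose digest does not match. The JSON serialization, SHA-256, the `data--digest` layout and the names `sign_cookie`, `verify_cookie` and `tamper` are assumptions of this example.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Constructed secret standing in for config.secret_token (assumption).
SECRET = SecureRandom.hex(64)

# Encode the payload and append an HMAC keyed with the server secret.
def sign_cookie(payload, secret)
  data = Base64.strict_encode64(JSON.generate(payload))
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, data)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the payload when the digest matches; nil for a modified cookie,
# a cookie signed with another secret, or malformed input.
def verify_cookie(cookie, secret)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, data)
  return nil unless secure_compare(expected, digest)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# Hypothetical helper: swap the payload but keep the old digest, as a
# client editing its own cookie would have to do without the secret.
def tamper(cookie, new_payload)
  digest = cookie.split('--', 2).last
  "#{Base64.strict_encode64(JSON.generate(new_payload))}--#{digest}"
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_cookie({ 'user_id' => 42, 'admin' => false }, SECRET)
  forged = tamper(cookie, { 'user_id' => 42, 'admin' => true })
  p verify_cookie(cookie, SECRET)               # original payload
  p verify_cookie(forged, SECRET)               # nil: digest mismatch
  p verify_cookie(cookie, SecureRandom.hex(64)) # nil: secret changed
end
```

The last case is why the tutorial code stores the token in `.secret` instead of generating a fresh one on every boot: a new secret invalidates every cookie already issued.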
