tracks icon indicating copy to clipboard operation
tracks copied to clipboard

Published 20 hours ago verified publisher icon TracksApp

Use a newer cookie serializer

Open dnrce opened this issue 10 years ago • 8 comments

Tracks isn't yet using the new config/initializers/cookies_serializer.rb that shipped with Rails 4.1. See http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#cookies-serializer

dnrce avatar Sep 13 '14 02:09 dnrce

I do not see exactly what needs to be changed here. We do not store much in the cookie anyway. Do we need this?

lrbalt avatar Sep 22 '14 08:09 lrbalt

If I understand that guide correctly, the JSON cookie serializer is an optional thing.

mattr- avatar Sep 25 '14 12:09 mattr-

It's a minor security improvement. I also imagine the old serializer will eventually be removed, though not anytime soon.

dnrce avatar Sep 25 '14 16:09 dnrce

could you pick this one up? or do we schedule it for 2.4/3.0?

lrbalt avatar Sep 26 '14 12:09 lrbalt

2.4 would be good. It would be good to do one release with the hybrid serializer as a transition, then JSON-only on the next one.

dnrce avatar Sep 26 '14 23:09 dnrce

The hybrid serializer is already on, right? So nothing todo for 2.3?

lrbalt avatar Sep 30 '14 10:09 lrbalt

No, it stays on Marshal until the hybrid serializer is explicitly enabled. The hybrid reads Marshal cookies and writes JSON cookies. It provides a clean transition for end users, but the application needs to be validated for JSON cookie compatibility before enabling it.

Let's go hybrid for 2.4 and JSON for 3.0.

dnrce avatar Sep 30 '14 15:09 dnrce

This was apparently done in #2145. Changing from hybrid to json should be done later on.

ZeiP avatar Jun 27 '19 23:06 ZeiP