authlogic icon indicating copy to clipboard operation
authlogic copied to clipboard

Published 20 hours ago verified publisher icon binarylogic

Warnings generated when updating to Rack 3

Open adfoster-r7 opened this issue 4 months ago • 1 comments

ISSUES THAT DO NOT FOLLOW THIS TEMPLATE WILL BE CLOSED IMMEDIATELY.

  • [x] This is not a usage question.
    • Our volunteers' time is limited, so please ask usage questions on StackOverflow.
  • [x] This is not a security issue.
  • [x] This bug is reproducible with a clean install of authlogic
  • [x] I am committed to fixing this in a reasonable amount of time, and responding promptly to feedback.

Expected Behavior

No warnings to be generated on objects with namespaces present

Actual Behavior

01:02:34 web.1       | /Users/user/.rvm/gems/ruby-3.3.8@app/gems/rack-3.1.16/lib/rack/response.rb:271: warning: Cookie key "foo/bar" is not valid according to RFC2616; it will be escaped. This behaviour is deprecated and will be removed in a future version of Rack.

I believe this is caused by the / character

Potential solution

Problem:

> klass_name.underscore
01:17:07 web.1       | [2] pry(UserSession)> klass_name
01:17:08 web.1       | => "Foo::Bar"
01:17:13 web.1       | [3] pry(UserSession)> klass_name.underscore
01:17:13 web.1       | => "foo/bar"
01:17:18 web.1       | [4] pry(UserSession)> klass_name.method(:underscore)
01:17:18 web.1       | => #<Method: String#underscore() /Users/user/.rvm/gems/ruby-3.3.8@app/gems/activesupport-7.2.2.1/lib/active_support/core_ext/string/inflections.rb:139>

underscore docs:

underscore will also change ‘::’ to ‘/’ to convert namespaces to paths.

Potential solution:

           # The name of the cookie or the key in the cookies hash. Be sure and use
           # a unique name. If you have multiple sessions and they use the same
           # cookie it will cause problems. Also, if a id is set it will be
           # inserted into the beginning of the string. Example:
           #
           #   session = UserSession.new
           #   session.cookie_key => "user_credentials"
           #
           #   session = UserSession.new(:super_high_secret)
           #   session.cookie_key => "super_high_secret_user_credentials"
           #
           # * <tt>Default:</tt> "#{klass_name.underscore}_credentials"
           # * <tt>Accepts:</tt> String
           def cookie_key(value = nil)
-            rw_config(:cookie_key, value, "#{klass_name.underscore}_credentials")
+            rw_config(:cookie_key, value, "#{klass_name.underscore.gsub('/', '_')}_credentials")
           end
           alias cookie_key= cookie_key

adfoster-r7 avatar Jul 31 '25 00:07 adfoster-r7