protected Method

RequestForgeryProtection.authenticity_token_from_session_id

Source
Home > Ruby > Rails > Rails 2.0.2 > ActionPack EDGE > ActionController > RequestForgeryProtection > authenticity_token_from_session_id

Generates a unique digest using the session_id and the CSRF secret.

Source Code

# File action_controller/request_forgery_protection.rb, line 119
def authenticity_token_from_session_id
  key = if request_forgery_protection_options[:secret].respond_to?(:call)
    request_forgery_protection_options[:secret].call(@session)
  else
    request_forgery_protection_options[:secret]
  end
  digest = request_forgery_protection_options[:digest] ||= 'SHA1'
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s)
end
Comments

Have your say
Please use Textile formatting (click here for a cheat sheet). Use <code/> and <pre/> for code samples.
Click here to login with OpenID to to post comments.