secret_token.rb
code Critical
Session Setting
Discovered over 5 years ago
Source: static code analysis
Category: Session Setting
Confidence level: High

Problem

Session secret should not be included in version control

Location

config/initializers/secret_token.rb:7


Category description: Session cookies should be http-only with the key of at least 30 characters; secret_token shouldn't be included in version control systems.

Solution: fix the issue in config/initializers/secret_token.rb or mark it as false positive.