method

authenticity_token_from_session_id

v2.2.1 - Show latest stable - Class: ActionController::RequestForgeryProtection

authenticity_token_from_session_id()

protected

Generates a unique digest using the session_id and the CSRF secret.

# File actionpack/lib/action_controller/request_forgery_protection.rb, line 120
      def authenticity_token_from_session_id
        key = if request_forgery_protection_options[:secret].respond_to?(:call)
          request_forgery_protection_options[:secret].call(@session)
        else
          request_forgery_protection_options[:secret]
        end
        digest = request_forgery_protection_options[:digest] ||= 'SHA1'
        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s)
      end

authenticity_token_from_session_id

Related methods