dont store the token in the cookie, use in-memory sessions instead

Bruce1990 · May 14, 2014 · ab012fb · ab012fb
1 parent 291b814
commit ab012fb
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/api/ruby/basics-of-authentication/advanced_server.rb b/api/ruby/basics-of-authentication/advanced_server.rb
@@ -12,7 +12,7 @@
 CLIENT_ID = ENV['GH_BASIC_CLIENT_ID']
 CLIENT_SECRET = ENV['GH_BASIC_SECRET_ID']
 
-use Rack::Session::Cookie, :secret => rand.to_s()
+use Rack::Session::Pool, :cookie_only => false
 
 def authenticated?
   session[:access_token]