Safe Salt Generation with Merb (and a little bit about irsea)

    This is a bit of a two-in-one, so before I get started I have an announcement to make: ircwall's source code will soon be available for download. The codebase will be named irsea, and it will be freely available under the BSD license, although my SASS/HAML template for ircwall will not ;)

    Now, while refactoring some of irsea to make it suitable for easy installation, I needed a way to generate a secure salt for the application automatically, so that you don't have to make or generate your own during the install process. This is because Merb by default stores the session in a cookie like a good little web framework, but it needs a secure salt to hash the cookie against. So, I present you with SafeSession.

    SafeSession is a pretty straightforward class, and it's dead easy to set up in a Merb application. I'm sure you can plug it into Rails or Sinatra as well, but since irsea is a Merb app I haven't spent any time researching how to do so; I encourage you to post a solution as a comment. Anyway, to use SafeSession with Merb you have to do two things:

  1. Put the code in a file and require it in your init.rb
  2. Create a new instance of SafeSession and retrieve the salt

    So, first let's save the code to merb/extensions/safe_session.rb for now (rename it if you will, but I expect you to know how to change the require path), then modify config/init.rb and make your Merb::Config section look something like this:

    And that's it! SafeSession will attempt to read a salt stored in config/salt first, but if that doesn't exist it will generate a new salt file for you automatically. Just remember to add config/salt to your .gitignore, .svnignore, .bzrignore or whatever, because you don't want to be sharing a secret like that!
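    The SafeSession listing itself is not reproduced on this page. As an added example (not the author's code), here is one way to get the read-or-generate behaviour described above; the class name SaltStore, its method names and the 32-byte length are assumptions.

```ruby
require 'securerandom'
require 'fileutils'

# Hypothetical helper, not the post's SafeSession class: returns the salt
# stored at `path`, generating and persisting a new one on first run.
class SaltStore
  BYTES = 32 # assumed length; hex-encoded to 64 characters

  def initialize(path = File.join('config', 'salt'))
    @path = path
  end

  def salt
    @salt ||= read_existing || create
  end

  private

  def read_existing
    return nil unless File.file?(@path)
    value = File.read(@path).strip
    # Refuse an empty or truncated file instead of signing with a weak secret.
    raise "salt file #{@path} is too short" if value.length < BYTES * 2
    # Tighten permissions if group/other can access the file.
    File.chmod(0o600, @path) if (File.stat(@path).mode & 0o077) != 0
    value
  end

  def create
    FileUtils.mkdir_p(File.dirname(@path))
    value = SecureRandom.hex(BYTES) # CSPRNG-backed, unlike Kernel#rand
    # EXCL: fail rather than overwrite if another process created it first.
    flags = File::WRONLY | File::CREAT | File::EXCL
    File.open(@path, flags, 0o600) { |f| f.write(value) }
    value
  rescue Errno::EEXIST
    read_existing
  end
end

# Assumed wiring in config/init.rb (Merb's cookie session store reads
# :session_secret_key); shown as a comment because Merb is not loaded here:
#   Merb::Config.use { |c| c[:session_secret_key] = SaltStore.new.salt }
```

    Regenerating or deleting the file invalidates every existing session cookie, so keep it stable across deploys and out of version control.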

Comments

Well, the view of the passage is totally correct, your details are really reasonable and you guys give us a valuable informative post. I totally agree with the standpoint of upstairs. I often surf on this forum when I'm free and I find there is so much good information we can learn in this forum! http://www.brfinder.net/
