Remove Activerecord session store (#798)

* idk * switch from AR storage to cookie based storage to resolve security issue * Update development.rb * testing cleanup
department-of-veterans-affairs · Mar 9, 2021 · 2e5f3ce · 2e5f3ce
1 parent f70fff4
commit 2e5f3ce
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 11 deletions.
diff --git a/Gemfile b/Gemfile
@@ -18,9 +18,6 @@ gem 'rails', '~> 6.0.3.5'
 # JSON API
 gem 'active_model_serializers', '~> 0.10.4'
 
-# Switch from cookie based storage to AR storage in case of failure pushing to GIBCT
-gem 'activerecord-session_store', '~> 1.0'
-
 gem 'bcrypt', '~> 3.1.7'
 # Use cancancan for authorization
 gem 'cancancan', '~> 1.13', '>= 1.13.1'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -61,12 +61,6 @@ GEM
       activesupport (= 6.0.3.5)
     activerecord-import (1.0.5)
       activerecord (>= 3.2)
-    activerecord-session_store (1.1.3)
-      actionpack (>= 4.0)
-      activerecord (>= 4.0)
-      multi_json (~> 1.11, >= 1.11.2)
-      rack (>= 1.5.2, < 3)
-      railties (>= 4.0)
     activestorage (6.0.3.5)
       actionpack (= 6.0.3.5)
       activejob (= 6.0.3.5)
@@ -438,7 +432,6 @@ PLATFORMS
 DEPENDENCIES
   active_model_serializers (~> 0.10.4)
   activerecord-import
-  activerecord-session_store (~> 1.0)
   bcrypt (~> 3.1.7)
   brakeman
   bundler-audit

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :active_record_store, key: '_gibct-data-service_session'
+Rails.application.config.session_store :cookie_store, key: '_gibct-data-service_session'