From 8e234ec2a3ce4f2325cf63922e7564013f7fe939 Mon Sep 17 00:00:00 2001
From: Kevin Dew <kevindew@me.com>
Date: Wed, 28 Dec 2022 21:43:40 +0000
Subject: [PATCH] Remove Rails 7 cookie rotation

This has not been needed since this app was deployed (if at all, as I
don't think this app uses sessions).
---
 config/application.rb | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/config/application.rb b/config/application.rb
index 53832619e..45c2dcaf4 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -131,22 +131,5 @@ class Application < Rails::Application
 
     # Do not swallow errors in after_commit/after_rollback callbacks.
     # config.active_record.raise_in_transactional_callbacks = true
-
-    # Rotate SHA1 cookies to SHA256 (the new Rails 7 default)
-    # TODO: Remove this after existing user sessions have been rotated
-    # https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html#key-generator-digest-class-changing-to-use-sha256
-    Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
-      salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
-      secret_key_base = Rails.application.secrets.secret_key_base
-      next if secret_key_base.blank?
-
-      key_generator = ActiveSupport::KeyGenerator.new(
-        secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
-      )
-      key_len = ActiveSupport::MessageEncryptor.key_len
-      secret = key_generator.generate_key(salt, key_len)
-
-      cookies.rotate :encrypted, secret
-    end
   end
 end