I’ve noticed that a lot of open-source rails apps come with a secret key used for cookie sessions checked into their public repo. My worry is that this key may be used by others in production, which could cause a security concern. If you think you might be affected, read more on the rails core list.