github.rb in sinatra_auth_github-1.1.0

- old
+ new

@@ -157,9 +157,21 @@
             :client_id     => app.github_options[:client_id]    || ENV['GITHUB_CLIENT_ID'],
             :client_secret => app.github_options[:secret]       || ENV['GITHUB_CLIENT_SECRET'],
             :scope         => app.github_options[:scopes]       || '',
             :redirect_uri  => app.github_options[:callback_url] || '/auth/github/callback'
           }
+
+          manager.serialize_from_session { |key| Warden::GitHub::Verifier.load(key) }
+          manager.serialize_into_session { |user| Warden::GitHub::Verifier.dump(user) }
+        end
+
+
+        # Sign cookie sessions in with AS::Verifier
+        ENV['WARDEN_GITHUB_VERIFIER_SECRET'] ||= ENV['GITHUB_VERIFIER_SECRET']
+
+        unless ENV['WARDEN_GITHUB_VERIFIER_SECRET']
+          warn "No WARDEN_GITHUB_VERIFIER_SECRET environmental variable found."
+          warn "Your sessions are likely being stored insecurely."
         end
 
         app.helpers Helpers
 
         app.get '/auth/github/callback' do