# File lib/action_controller/request_forgery_protection.rb, line 120 def authenticity_token_from_session_id key = if request_forgery_protection_options[:secret].respond_to?(:call) request_forgery_protection_options[:secret].call(@session) else request_forgery_protection_options[:secret] end digest = request_forgery_protection_options[:digest] ||= 'SHA1' OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(digest), key.to_s, session.session_id.to_s) end