aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXavier Noria <fxn@hashref.com>2009-02-07 15:06:26 +0100
committerXavier Noria <fxn@hashref.com>2009-02-07 15:06:26 +0100
commit01f82d62dcc32dd7ee0ecbac7505786dca941973 (patch)
tree84999047706f86c6f02323daea08f99cf5c8f942
parentf11616b521b4e494182c0041f37f465597a7ad97 (diff)
downloadrails-01f82d62dcc32dd7ee0ecbac7505786dca941973.tar.gz
rails-01f82d62dcc32dd7ee0ecbac7505786dca941973.tar.bz2
rails-01f82d62dcc32dd7ee0ecbac7505786dca941973.zip
edged coverage of session storage configuration
-rw-r--r--railties/guides/source/action_controller_overview.textile20
1 files changed, 13 insertions, 7 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile
index 885c691efb..137349e2ff 100644
--- a/railties/guides/source/action_controller_overview.textile
+++ b/railties/guides/source/action_controller_overview.textile
@@ -171,19 +171,25 @@ The CookieStore can store around 4kB of data - much less than the others - but t
Read more about session storage in the "Security Guide":security.html.
-If you need a different session storage mechanism, you can change it in the +config/environment.rb+ file:
+If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
<ruby>
-# Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store]
-config.action_controller.session_store = :active_record_store
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
</ruby>
-Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/environment.rb+:
+Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
<ruby>
-config.actioncontroller.session = {
- :key => "_yourappname_session",
- :secret => "g7tr273tr823ter823tr2qtr8q73w8q3trh76t878..."
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+ :key => '_yourappname_session',
+ :secret => '4f50711b8f0f49572...'
}
</ruby>