author: Prem Sichanugrist <s@sikachu.com> 2012-08-24 14:26:00 -0400
committer: Prem Sichanugrist <s@sikachu.com> 2012-08-24 15:24:19 -0400
commit: aa4655806a7c01d1597d1323a73040e6e7aa4060
tree: f4c102d778b1f2b92f7f5a5df1345b7b6f5ef3a3
parent: 0ffe19056c8e8b2f9ae9d487b896cad2ce9387ad
Update guide/release note about AR::SessionStore
-rw-r--r-- guides/source/4_0_release_notes.textile 2
-rw-r--r-- guides/source/action_controller_overview.textile 4
-rw-r--r-- guides/source/configuring.textile 10
-rw-r--r-- guides/source/security.textile 4
4 files changed, 6 insertions, 14 deletions
diff --git a/guides/source/4_0_release_notes.textile b/guides/source/4_0_release_notes.textile
index 2f21f8cc71..df932603f7 100644
--- a/guides/source/4_0_release_notes.textile
+++ b/guides/source/4_0_release_notes.textile
@@ -730,6 +730,8 @@ where(...).remove_conditions # => still has conditions
* The migration generator now creates a join table with (commented) indexes every time the migration name contains the word "join_table".
+* <tt>ActiveRecord::SessionStore</tt> is removed from Rails 4.0 and is now a separate "gem":https://github.com/rails/activerecord-session_store.
+
h3. Active Model
* Changed <tt>AM::Serializers::JSON.include_root_in_json</tt> default value to false. Now, AM Serializers and AR objects have the same default behaviour.
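Review bot: The new release-note entry for <tt>ActiveRecord::SessionStore</tt> gives no upgrade step for applications that already keep sessions in the database. Suggest naming the gem to add to the Gemfile (activerecord-session_store, as the action_controller_overview.textile change in this same commit spells it), so that a reader upgrading to 4.0 learns what to do from the release notes without having to follow the link.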
diff --git a/guides/source/action_controller_overview.textile b/guides/source/action_controller_overview.textile
index 3c828735ae..f861b233d2 100644
--- a/guides/source/action_controller_overview.textile
+++ b/guides/source/action_controller_overview.textile
@@ -168,8 +168,8 @@ h3. Session
Your application has a session for each user in which you can store small amounts of data that will be persisted between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms:
* ActionDispatch::Session::CookieStore - Stores everything on the client.
-* ActiveRecord::SessionStore - Stores the data in a database using Active Record.
* ActionDispatch::Session::CacheStore - Stores the data in the Rails cache.
+* ActionDispatch::Session::ActiveRecordStore - Stores the data in a database using Active Record. (require `activerecord-session_store` gem).
* ActionDispatch::Session::MemCacheStore - Stores the data in a memcached cluster (this is a legacy implementation; consider using CacheStore instead).
All session stores use a cookie to store a unique ID for each session (you must use a cookie, Rails will not allow you to pass the session ID in the URL as this is less secure).
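Review bot: The added ActiveRecordStore list item marks up the gem name with Markdown backticks, which Textile does not render as code; the rest of these guides use <tt>...</tt> or +...+. The sentence also ends with a full stop before the parenthesis and another after it, and "require" reads as an instruction rather than a description. Suggest: "Stores the data in a database using Active Record (requires the <tt>activerecord-session_store</tt> gem)."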
@@ -187,7 +187,7 @@ If you need a different session storage mechanism, you can change it in the +con
<ruby>
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
-# (create the session table with "script/rails g session_migration")
+# (create the session table with "script/rails g active_record:session_migration")
# YourApp::Application.config.session_store :active_record_store
</ruby>
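Review bot: The comment block in this <ruby> example gets the new generator name but still does not say that :active_record_store now comes from an external gem, so a reader who uncomments the last line will be pointing at a store that, per the release note in this commit, is no longer in Rails. Suggest adding one comment line above the generator hint, along the lines of "# (requires the activerecord-session_store gem in your Gemfile)".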
diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile
index 27eaf1cbc5..9db375c2ca 100644
--- a/guides/source/configuring.textile
+++ b/guides/source/configuring.textile
@@ -127,7 +127,7 @@ end
config.session_store :my_custom_store
</ruby>
-This custom store must be defined as +ActionDispatch::Session::MyCustomStore+. In addition to symbols, they can also be objects implementing a certain API, like +ActiveRecord::SessionStore+, in which case no special namespace is required.
+This custom store must be defined as +ActionDispatch::Session::MyCustomStore+.
* +config.time_zone+ sets the default time zone for the application and enables time zone awareness for Active Record.
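Review bot: The replacement for the "This custom store must be defined as ..." line drops the whole second sentence, which documented that config.session_store accepts objects implementing the store API as well as symbols, not only the +ActiveRecord::SessionStore+ example. If passing an object is still supported, keep that clause and remove or replace just the example; if it is no longer supported, that is a behaviour change worth stating in the release notes rather than removing silently here.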
@@ -322,14 +322,6 @@ The caching code adds two additional settings:
* +ActionController::Base.page_cache_extension+ sets the extension to be used when generating pages for the cache (this is ignored if the incoming request already has an extension). The default is +.html+.
-The Active Record session store can also be configured:
-
-* +ActiveRecord::SessionStore::Session.table_name+ sets the name of the table used to store sessions. Defaults to +sessions+.
-
-* +ActiveRecord::SessionStore::Session.primary_key+ sets the name of the ID column used in the sessions table. Defaults to +session_id+.
-
-* +ActiveRecord::SessionStore::Session.data_column_name+ sets the name of the column which stores marshaled session data. Defaults to +data+.
-
h4. Configuring Action Dispatch
* +config.action_dispatch.session_store+ sets the name of the store for session data. The default is +:cookie_store+; other valid options include +:active_record_store+, +:mem_cache_store+ or the name of your own custom class.
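Review bot: After the table_name, primary_key and data_column_name settings are removed, the unchanged line under "Configuring Action Dispatch" still lists +:active_record_store+ as a valid option with no hint that it needs the separate gem. Suggest amending that line to note the gem dependency, and leaving a one-sentence pointer to the gem's documentation where the removed settings were, so readers who relied on them know where they are now described.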
diff --git a/guides/source/security.textile b/guides/source/security.textile
index 49e5da6bb7..773a47ab28 100644
--- a/guides/source/security.textile
+++ b/guides/source/security.textile
@@ -81,9 +81,7 @@ This will also be a good idea, if you modify the structure of an object and old
h4. Session Storage
-NOTE: _Rails provides several storage mechanisms for the session hashes. The most important are +ActiveRecord::SessionStore+ and +ActionDispatch::Session::CookieStore+._
-
-There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecord::SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecord::SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.
+NOTE: _Rails provides several storage mechanisms for the session hashes. The most important is +ActionDispatch::Session::CookieStore+._
Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it:
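Review bot: Removing the "There are a number of session storages ..." paragraph leaves the Session Storage section of the security guide without any description of server-side storage, yet the following CookieStore paragraph still contrasts itself with it ("eliminates the need for a session id") and calls CookieStore controversial. Since action_controller_overview.textile in this commit still says the cookie-based default "shouldn't be used to store highly confidential information", the security guide should keep a short sentence saying that a database-backed store keeps the session hash on the server and is available through the activerecord-session_store gem, so readers weighing the security implications know the alternative exists.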