author | rick <rick@spacemonkey.local> | 2008-05-05 23:19:21 -0700 |
---|---|---|
committer | rick <rick@spacemonkey.local> | 2008-05-05 23:19:21 -0700 |
commit | 0052938ac5b8894b27fdb9f27b1ed39f0a9ea176 (patch) | |
tree | f714643a4043d9fb73b39ec2a114d18f5deeffdd /actionpack/lib/action_controller/session | |
parent | eacb5cf0cab6447db78085c8bda6c94dd329ce6b (diff) | |
parent | 3cffe92ff066c2b35eef409547db93652c5cccfc (diff) | |
Merge commit 'core/master'
Diffstat (limited to 'actionpack/lib/action_controller/session')
-rw-r--r-- | actionpack/lib/action_controller/session/cookie_store.rb | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index 5e5ef1bfb0..560491f996 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb 
@@ -14,27 +14,27 @@ require 'openssl' # to generate the HMAC message digest # TamperedWithCookie is raised if the data integrity check fails. # # A message digest is included with the cookie to ensure data integrity: -# a user cannot alter his user_id without knowing the secret key included in +# a user cannot alter his +user_id+ without knowing the secret key included in # the hash. New apps are generated with a pregenerated secret in # config/environment.rb. Set your own for old apps you're upgrading. # # Session options: -# :secret An application-wide key string or block returning a string -# called per generated digest. The block is called with the -# CGI::Session instance as an argument. It's important that the -# secret is not vulnerable to a dictionary attack. Therefore, -# you should choose a secret consisting of random numbers and -# letters and more than 30 characters. # -# Example: :secret => '449fe2e7daee471bffae2fd8dc02313d' -# :secret => Proc.new { User.current_user.secret_key } +# * <tt>:secret</tt>: An application-wide key string or block returning a string +# called per generated digest. The block is called with the CGI::Session +# instance as an argument. It's important that the secret is not vulnerable to +# a dictionary attack. Therefore, you should choose a secret consisting of +# random numbers and letters and more than 30 characters. Examples: # -# :digest The message digest algorithm used to verify session integrity -# defaults to 'SHA1' but may be any digest provided by OpenSSL, -# such as 'MD5', 'RIPEMD160', 'SHA256', etc. +# :secret => '449fe2e7daee471bffae2fd8dc02313d' +# :secret => Proc.new { User.current_user.secret_key } +# +# * <tt>:digest</tt>: The message digest algorithm used to verify session +# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, +# such as 'MD5', 'RIPEMD160', 'SHA256', etc. 
# # To generate a secret key for an existing application, run -# `rake secret` and set the key in config/environment.rb +# `rake secret` and set the key in config/environment.rb. # # Note that changing digest or secret invalidates all existing sessions! class CGI::Session::CookieStore |
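Review bot: In the rewritten :secret bullet, the literal example ":secret => '449fe2e7daee471bffae2fd8dc02313d'" sits directly under the advice to choose a random secret of more than 30 characters, so it can be copied verbatim into an application; consider marking it as a placeholder or pointing to "rake secret" at that spot, which the comment only mentions further down. In the :digest bullet, "session integrity defaults to 'SHA1'" still runs two statements together; splitting it ("...used to verify session integrity. Defaults to 'SHA1', but may be...") would read better. Since this hunk moves the option names to RDoc <tt> markup, the backticks around "rake secret" in the last paragraph could be converted as well for consistency.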