Merge commit 'mainstream/master'

Conflicts:

	activerecord/lib/active_record/base.rb
	railties/Rakefile
	railties/doc/guides/activerecord/association_basics.txt
	railties/doc/guides/debugging/debugging_rails_applications.txt
	railties/doc/guides/getting_started_with_rails/getting_started_with_rails.txt
	railties/doc/guides/index.txt
	railties/doc/guides/migrations/foreign_keys.txt
	railties/doc/guides/migrations/migrations.txt
	railties/doc/guides/migrations/writing_a_migration.txt
	railties/doc/guides/routing/routing_outside_in.txt

1 files changed, 4 insertions, 0 deletions

diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb
index f5a1155a46..fd3d94ed97 100644
--- a/actionpack/lib/action_controller/session_management.rb
+++ b/actionpack/lib/action_controller/session_management.rb
@@ -60,6 +60,10 @@ module ActionController #:nodoc:
       #   # the session will only work over HTTPS, but only for the foo action
       #   session :only => :foo, :session_secure => true
       #
+      #   # the session by default uses HttpOnly sessions for security reasons.
+      #   # this can be switched off.
+      #   session :only => :foo, :session_http_only => false
+      #
       #   # the session will only be disabled for 'foo', and only if it is
       #   # requested as a web service
       #   session :off, :only => :foo,