aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
diff options
context:
space:
mode:
authorJames Coglan <jcoglan@gmail.com>2013-01-05 14:52:02 +0000
committerJames Coglan <jcoglan@gmail.com>2013-01-05 15:16:18 +0000
commit6500d7994e94af439587ba0b6088b14532940ad2 (patch)
tree8acd642c84036e7885ace53bced124fb49d05dfb /actionpack/lib/action_dispatch
parentc1eaff00b748ab976d3a99d00468da60f25a8e8d (diff)
downloadrails-6500d7994e94af439587ba0b6088b14532940ad2.tar.gz
rails-6500d7994e94af439587ba0b6088b14532940ad2.tar.bz2
rails-6500d7994e94af439587ba0b6088b14532940ad2.zip
Remove suggestion that Procs can be used as session secrets.
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/cookie_store.rb11
1 files changed, 4 insertions, 7 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index ce5f89ee5b..4437b50f1f 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -21,15 +21,12 @@ module ActionDispatch
#
# Session options:
#
- # * <tt>:secret</tt>: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters.
+ # * <tt>:secret</tt>: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
#
# secret: '449fe2e7daee471bffae2fd8dc02313d'
- # secret: Proc.new { User.current_user.secret_key }
#
# * <tt>:digest</tt>: The message digest algorithm used to verify session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,