author | Andrew White <andyw@pixeltrix.co.uk> | 2013-01-05 10:30:30 -0800 |
---|---|---|
committer | Andrew White <andyw@pixeltrix.co.uk> | 2013-01-05 10:30:30 -0800 |
commit | fa6e995a03ea2daa78902f7ea5cc9cb570014609 (patch) | |
tree | 28f20272a328d635033e4538c02f497d7dc69f77 /actionpack/lib | |
parent | 516f148450e733371a69cb966c632b1b64c41f49 (diff) | |
parent | 6500d7994e94af439587ba0b6088b14532940ad2 (diff) | |
Merge pull request #8766 from jcoglan/session_token_docs
Remove suggestion that Procs can be used as session secrets.
[ci skip]
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/cookie_store.rb | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index ce5f89ee5b..4437b50f1f 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -21,15 +21,12 @@ module ActionDispatch # # Session options: # - # * <tt>:secret</tt>: An application-wide key string or block returning a - # string called per generated digest. The block is called with the - # CGI::Session instance as an argument. It's important that the secret - # is not vulnerable to a dictionary attack. Therefore, you should choose - # a secret consisting of random numbers and letters and more than 30 - # characters. + # * <tt>:secret</tt>: An application-wide key string. It's important that + # the secret is not vulnerable to a dictionary attack. Therefore, you + # should choose a secret consisting of random numbers and letters and + # more than 30 characters. # # secret: '449fe2e7daee471bffae2fd8dc02313d' - # secret: Proc.new { User.current_user.secret_key } # # * <tt>:digest</tt>: The message digest algorithm used to verify session # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, |
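Review bot: The example left under the rewritten `:secret` bullet, `secret: '449fe2e7daee471bffae2fd8dc02313d'`, is a literal value that readers may paste into their own configuration, and at 32 hexadecimal characters it only just clears the "more than 30 characters" guidance in the text above it. Consider replacing it with an obvious placeholder and telling readers to generate their own value from a cryptographically secure source such as `SecureRandom.hex(64)`. The new wording also drops the block form and the `Proc.new { User.current_user.secret_key }` example without saying whether a Proc is still accepted; a sentence stating that the secret must be a String would help anyone who configured a Proc based on the old comment.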