aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorAndrew White <andyw@pixeltrix.co.uk>2013-01-05 10:30:30 -0800
committerAndrew White <andyw@pixeltrix.co.uk>2013-01-05 10:30:30 -0800
commitfa6e995a03ea2daa78902f7ea5cc9cb570014609 (patch)
tree28f20272a328d635033e4538c02f497d7dc69f77 /actionpack/lib
parent516f148450e733371a69cb966c632b1b64c41f49 (diff)
parent6500d7994e94af439587ba0b6088b14532940ad2 (diff)
downloadrails-fa6e995a03ea2daa78902f7ea5cc9cb570014609.tar.gz
rails-fa6e995a03ea2daa78902f7ea5cc9cb570014609.tar.bz2
rails-fa6e995a03ea2daa78902f7ea5cc9cb570014609.zip
Merge pull request #8766 from jcoglan/session_token_docs
Remove suggestion that Procs can be used as session secrets. [ci skip]
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/cookie_store.rb11
1 files changed, 4 insertions, 7 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index ce5f89ee5b..4437b50f1f 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -21,15 +21,12 @@ module ActionDispatch
#
# Session options:
#
- # * <tt>:secret</tt>: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters.
+ # * <tt>:secret</tt>: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
#
# secret: '449fe2e7daee471bffae2fd8dc02313d'
- # secret: Proc.new { User.current_user.secret_key }
#
# * <tt>:digest</tt>: The message digest algorithm used to verify session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,