Update security guide for signed cookie rotations

The example was slightly incorrect. This commit also adds a test case for this example to cookies middleware unit tests.
author: Michael Coyne <mikeycgto@gmail.com> 2017-10-09 21:08:38 -0400
committer: Michael Coyne <mikeycgto@gmail.com> 2017-10-09 21:15:02 -0400
commit: 04a7b7165ad204014c5850f62c921f7291d6ba5d (patch)
tree: 36ddc8789347674dc4adf940583862b654723d4e /guides
parent: ac1ee519fa513f1c2188180e8830938c71edb48c (diff)
download: rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.tar.gz
rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.tar.bz2
rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index bf9af88c5d..cfa777d433 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -169,11 +169,12 @@ you would first assign the new configuration value:
 Rails.application.config.action_dispatch.signed_cookie_digest = "SHA256"
 ```
 
-Then you'd set up a rotation with the old configuration to keep it alive.
+Now add a rotation for the old SHA1 digest so existing cookies are
+seamlessly upgraded to the new SHA256 digest.
 
 ```ruby
 Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
-  cookies.rotate :signed, digest: "SHA256"
+  cookies.rotate :signed, digest: "SHA1"
 end
 ```
author	Michael Coyne <mikeycgto@gmail.com>	2017-10-09 21:08:38 -0400
committer	Michael Coyne <mikeycgto@gmail.com>	2017-10-09 21:15:02 -0400
commit	04a7b7165ad204014c5850f62c921f7291d6ba5d (patch)
tree	36ddc8789347674dc4adf940583862b654723d4e /guides
parent	ac1ee519fa513f1c2188180e8830938c71edb48c (diff)
download	rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.tar.gz rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.tar.bz2 rails-04a7b7165ad204014c5850f62c921f7291d6ba5d.zip