author: Godfrey Chan <godfreykfc@gmail.com> 2014-02-04 09:31:48 -0800
committer: Godfrey Chan <godfreykfc@gmail.com> 2014-02-11 01:54:16 -0800
commit: b927d67decb9d4e5103b5991b7e26a4dab4eca92
tree: 352a21a240eac25162de6aacec711805dd693180 /guides
parent: f0d8996dcc1feeba83d8b73043a97b6e80ccbe10
Renamed session_serializer option to cookies_serializer
Diffstat (limited to 'guides')
-rw-r--r-- guides/source/action_controller_overview.md 43
1 files changed, 27 insertions, 16 deletions
diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md
index 9eaf03dd82..b142279991 100644
--- a/guides/source/action_controller_overview.md
+++ b/guides/source/action_controller_overview.md
@@ -381,22 +381,6 @@ You can also pass a `:domain` key and specify the domain name for the cookie:
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com"
```
-You can pass `:serializer` key to specify serializer for serializing session:
-
-```ruby
-YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: :json
-```
-
-The default serializer for new application is `:json`. For compatibility with
-old applications `:marshal` is used when `serializer` option is not specified.
-
-It is also possible to pass a custom serializer class with `load` and `dump`
-public methods defined:
-
-```ruby
-YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: MyCustomSerializer
-```
-
Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb`
```ruby
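Review bot: removing the `serializer:` paragraphs leaves the Session section with no mention of serialization at all, so a reader who still has `serializer: :json` on their `session_store` line finds nothing here saying the option was renamed. Consider keeping one sentence in place of the removed block, right after the `:domain` example, stating that the serializer is now set through `cookies_serializer` and pointing to the Cookies section of this guide.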
@@ -588,6 +572,33 @@ end
Note that while for session values you set the key to `nil`, to delete a cookie value you should use `cookies.delete(:key)`.
+Rails also provides a signed cookie jar and an encrypted cookie jar for storing
+sensitive data. The signed cookie jar appends a cryptographic signature on the
+cookie values to protect their integrity. The encrypted cookie jar encrypts the
+values in addition to signing them, so that they cannot be read by the end user.
+Refer to the [API documentation](http://api.rubyonrails.org/classes/ActionDispatch/Cookies.html)
+for more details.
+
+These special cookie jars use a serializer to serialize the assigned values into
+strings and deserializes them into Ruby objects on read.
+
+You can specify what serializer to use:
+
+```ruby
+YourApp::Application.config.cookies_serializer :json
+```
+
+The possible options are `:marshal` or `:json`. The default serializer for new
+applications is `:json`. For compatibility with old applications with existing
+cookies, `:marshal` is used when `serializer` option is not specified.
+
+It is also possible to pass a custom serializer class or object that responds
+to `load` and `dump`:
+
+```ruby
+YourApp::Application.config.cookies_serializer MyCustomSerializer
+```
+
Rendering XML and JSON data
---------------------------
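Review bot: the added sentence "`:marshal` is used when `serializer` option is not specified" still uses the old option name; it should say `cookies_serializer` to match the two examples in this hunk. In the paragraph before it, "use a serializer to serialize ... and deserializes them" should read "deserialize" to agree with its subject. Since this text now sits beside the description of the signed and encrypted jars, it would also help to say why `:json` is the default for new applications: `Marshal.load` can instantiate arbitrary Ruby objects, so with `:marshal` the cookie contents are only as safe as the signing secret.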