author Tore Darell <toredarell@gmail.com> 2008-11-05 00:28:40 +0100
committer Tore Darell <toredarell@gmail.com> 2008-11-05 00:28:40 +0100
commit 4f48ab7544cf9ca0379f1d4b44fd857fb1bbfc45
tree b5983eedfc3bf43f499ee05bea4770252f7a422d /railties/doc/guides/source
parent b8a9c4fa29c8fff903ac5c7d70b2321cabddde87
Clarify the section mentioning session stores
Diffstat (limited to 'railties/doc/guides/source')
-rw-r--r-- railties/doc/guides/source/actioncontroller_basics/session.txt 2
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/doc/guides/source/actioncontroller_basics/session.txt b/railties/doc/guides/source/actioncontroller_basics/session.txt
index 2455ab4e71..3d5d98f5dd 100644
--- a/railties/doc/guides/source/actioncontroller_basics/session.txt
+++ b/railties/doc/guides/source/actioncontroller_basics/session.txt
@@ -7,7 +7,7 @@ Your application has a session for each user in which you can store small amount
* MemCacheStore - Stores the data in MemCache.
* ActiveRecordStore - Stores the data in a database using Active Record.
-All session stores store the session id in a cookie - there is no other way of passing it to the server. Most stores also use this key to locate the session data on the server.
+All session stores store either the session ID or the entire session in a cookie - Rails does not allow the session ID to be passed in any other way. Most stores also use this key to locate the session data on the server.
The default and recommended store, the Cookie Store, does not store session data on the server, but in the cookie itself. The data is cryptographically signed to make it tamper-proof, but it is not encrypted, so anyone with access to it can read its contents. It can only store about 4kB of data - much less than the others - but this is usually enough. Storing large amounts of data is discouraged no matter which session store your application uses. Expecially discouraged is storing complex objects (anything other than basic Ruby objects, the primary example being model instances) in the session, as the server might not be able to reassemble them between requests, which will result in an error. The Cookie Store has the added advantage that it does not require any setting up beforehand - Rails will generate a "secret key" which will be used to sign the cookie when you create the application.
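Review bot: In the added line, "Most stores also use this key to locate the session data on the server" no longer has a clear antecedent, because the preceding sentence now names two things the cookie may hold ("either the session ID or the entire session") and neither is called a key. Suggest "Most stores use this ID to locate the session data on the server", which also makes it plain that the sentence covers only the server-side stores and not the Cookie Store described in the next paragraph. The new clause "Rails does not allow the session ID to be passed in any other way" states a restriction without a reason; one short clause of rationale would help a reader who wonders why a URL parameter is not an option. Since this patch already touches the paragraph, the unchanged context line below it has "Expecially", which could be corrected to "Especially" in the same commit.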