author | David Heinemeier Hansson <david@loudthinking.com> | 2011-10-25 17:22:55 -0500 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2011-10-25 17:22:55 -0500 |
commit | 1d9ab88ee6360f54197ce21624d844425ec627b3 (patch) | |
tree | 252b3daf0d84e2a050c0da97b758f9ba06a3545e /railties/guides/source/security.textile | |
parent | 5daf07704ad21d885661216281ffc48b6ea6adfb (diff) | |
parent | 8aabdc69b7c498770e4c2864dad3e2790a40d10f (diff) | |
download | rails-1d9ab88ee6360f54197ce21624d844425ec627b3.tar.gz rails-1d9ab88ee6360f54197ce21624d844425ec627b3.tar.bz2 rails-1d9ab88ee6360f54197ce21624d844425ec627b3.zip |
Merge branch 'master' of github.com:rails/rails
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- | railties/guides/source/security.textile | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 0f100e0adf..a499ef3d39 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -82,9 +82,9 @@ This will also be a good idea, if you modify the structure of an object and old h4. Session Storage --- _Rails provides several storage mechanisms for the session hashes. The most important are SessionStore and CookieStore._ +-- _Rails provides several storage mechanisms for the session hashes. The most important are ActiveRecord::SessionStore and ActionDispatch::Session::CookieStore._ -There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request. +There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecord::SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecord::SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request. Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it: 
@@ -157,9 +157,9 @@ One possibility is to set the expiry time-stamp of the cookie with the session i <ruby> class Session < ActiveRecord::Base def self.sweep(time = 1.hour) - time = time.split.inject { |count, unit| - count.to_i.send(unit) - } if time.is_a?(String) + if time.is_a?(String) + time = time.split.inject { |count, unit| count.to_i.send(unit) } + end delete_all "updated_at < '#{time.ago.to_s(:db)}'" end |
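Review bot: In the first hunk (@@ -82,9 +82,9 @@, "Session Storage"), the summary line now uses the fully qualified ActionDispatch::Session::CookieStore, but the unchanged paragraph right below still says "Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie", so the section mixes qualified and bare names for the same class. Either qualify the first mention in that paragraph too, or state once that the short names are used from there on. The rewritten sentence also carries over the typo "real-live applications", which should read "real-life" while the line is being touched anyway.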
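Review bot: In the second hunk (@@ -157,9 +157,9 @@, Session.sweep), the reformatted line `time = time.split.inject { |count, unit| count.to_i.send(unit) }` still passes whatever word follows the number straight to `send` on an Integer, so a caller-supplied string chooses the method that gets invoked. For sample code in the security guide, check the unit against a short allowlist (for example minutes, hours, days) before dispatching, or state in the surrounding text that the argument must never come from request input. The unchanged context line `delete_all "updated_at < '#{time.ago.to_s(:db)}'"` builds the condition by string interpolation; the array form `delete_all ["updated_at < ?", time.ago]` would model the bind-parameter style that the guide recommends elsewhere for SQL.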