diff options
| author | Xavier Noria <fxn@hashref.com> | 2010-08-09 12:21:21 +0200 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2010-08-09 12:21:21 +0200 |
| commit | d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19 (patch) | |
| tree | fe0181fef98832139f430117cb50f6af00924f34 /railties/guides/source | |
| parent | 9a43640ed1de6f65f152df2b0ab61f5bc740d805 (diff) | |
| download | rails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.tar.gz rails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.tar.bz2 rails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.zip | |
AC guide: commit review, block examples go at column 0, use .example.com as example domain
Diffstat (limited to 'railties/guides/source')
| -rw-r--r-- | railties/guides/source/action_controller_overview.textile | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile index ff112608ff..ec2d5b2787 100644 --- a/railties/guides/source/action_controller_overview.textile +++ b/railties/guides/source/action_controller_overview.textile @@ -159,41 +159,41 @@ Read more about session storage in the "Security Guide":security.html. If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file: <ruby> - # Use the database for sessions instead of the cookie-based default, - # which shouldn't be used to store highly confidential information - # (create the session table with "rake db:sessions:create") - # YourApp::Application.config.session_store :active_record_store +# Use the database for sessions instead of the cookie-based default, +# which shouldn't be used to store highly confidential information +# (create the session table with "rake db:sessions:create") +# YourApp::Application.config.session_store :active_record_store </ruby> Rails sets up a session key (the name of the cookie) when signing the session data. These can also be changed in +config/initializers/session_store.rb+: <ruby> - # Be sure to restart your server when you modify this file. +# Be sure to restart your server when you modify this file. - YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session' +YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session' </ruby> You can also pass a +:domain+ key and specify the domain name for the cookie: <ruby> - # Be sure to restart your server when you modify this file. +# Be sure to restart your server when you modify this file. - YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session', :domain => ".test.com" +YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session', :domain => ".example.com" </ruby> Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in +config/initializers/secret_token.rb+ <ruby> - # Be sure to restart your server when you modify this file. +# Be sure to restart your server when you modify this file. - # Your secret key for verifying the integrity of signed cookies. - # If you change this key, all old signed cookies will become invalid! - # Make sure the secret is at least 30 characters and all random, - # no regular words or you'll be exposed to dictionary attacks. - YourApp::Application.config.secret_token = '49d3f3de9ed86c74b94ad6bd0...' +# Your secret key for verifying the integrity of signed cookies. +# If you change this key, all old signed cookies will become invalid! +# Make sure the secret is at least 30 characters and all random, +# no regular words or you'll be exposed to dictionary attacks. +YourApp::Application.config.secret_token = '49d3f3de9ed86c74b94ad6bd0...' </ruby> -NOTE: Changing the secret when using the CookieStore will invalidate all existing sessions. +NOTE: Changing the secret when using the +CookieStore+ will invalidate all existing sessions. h4. Accessing the Session |