aboutsummaryrefslogtreecommitdiffstats
path: root/railties/guides
diff options
context:
space:
mode:
authorXavier Noria <fxn@hashref.com>2010-08-09 12:21:21 +0200
committerXavier Noria <fxn@hashref.com>2010-08-09 12:21:21 +0200
commitd87c57bf3e5718c6995ecc73cf8d7396e3ba4b19 (patch)
treefe0181fef98832139f430117cb50f6af00924f34 /railties/guides
parent9a43640ed1de6f65f152df2b0ab61f5bc740d805 (diff)
downloadrails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.tar.gz
rails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.tar.bz2
rails-d87c57bf3e5718c6995ecc73cf8d7396e3ba4b19.zip
AC guide: commit review, block examples go at column 0, use .example.com as example domain
Diffstat (limited to 'railties/guides')
-rw-r--r--railties/guides/source/action_controller_overview.textile30
1 files changed, 15 insertions, 15 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile
index ff112608ff..ec2d5b2787 100644
--- a/railties/guides/source/action_controller_overview.textile
+++ b/railties/guides/source/action_controller_overview.textile
@@ -159,41 +159,41 @@ Read more about session storage in the "Security Guide":security.html.
If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
<ruby>
- # Use the database for sessions instead of the cookie-based default,
- # which shouldn't be used to store highly confidential information
- # (create the session table with "rake db:sessions:create")
- # YourApp::Application.config.session_store :active_record_store
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# YourApp::Application.config.session_store :active_record_store
</ruby>
Rails sets up a session key (the name of the cookie) when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
<ruby>
- # Be sure to restart your server when you modify this file.
+# Be sure to restart your server when you modify this file.
- YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session'
+YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session'
</ruby>
You can also pass a +:domain+ key and specify the domain name for the cookie:
<ruby>
- # Be sure to restart your server when you modify this file.
+# Be sure to restart your server when you modify this file.
- YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session', :domain => ".test.com"
+YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session', :domain => ".example.com"
</ruby>
Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in +config/initializers/secret_token.rb+
<ruby>
- # Be sure to restart your server when you modify this file.
+# Be sure to restart your server when you modify this file.
- # Your secret key for verifying the integrity of signed cookies.
- # If you change this key, all old signed cookies will become invalid!
- # Make sure the secret is at least 30 characters and all random,
- # no regular words or you'll be exposed to dictionary attacks.
- YourApp::Application.config.secret_token = '49d3f3de9ed86c74b94ad6bd0...'
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+YourApp::Application.config.secret_token = '49d3f3de9ed86c74b94ad6bd0...'
</ruby>
-NOTE: Changing the secret when using the CookieStore will invalidate all existing sessions.
+NOTE: Changing the secret when using the +CookieStore+ will invalidate all existing sessions.
h4. Accessing the Session