author: Xavier Noria <fxn@hashref.com>, 2009-02-07 15:06:26 +0100
committer: Xavier Noria <fxn@hashref.com>, 2009-02-07 15:06:26 +0100
commit: 01f82d62dcc32dd7ee0ecbac7505786dca941973
tree: 84999047706f86c6f02323daea08f99cf5c8f942 /railties
parent: f11616b521b4e494182c0041f37f465597a7ad97
edged coverage of session storage configuration
Diffstat (limited to 'railties')
-rw-r--r-- railties/guides/source/action_controller_overview.textile | 20
1 files changed, 13 insertions, 7 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile
index 885c691efb..137349e2ff 100644
--- a/railties/guides/source/action_controller_overview.textile
+++ b/railties/guides/source/action_controller_overview.textile
@@ -171,19 +171,25 @@ The CookieStore can store around 4kB of data - much less than the others - but t
Read more about session storage in the "Security Guide":security.html.
-If you need a different session storage mechanism, you can change it in the +config/environment.rb+ file:
+If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
<ruby>
-# Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store]
-config.action_controller.session_store = :active_record_store
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
</ruby>
-Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/environment.rb+:
+Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
<ruby>
-config.actioncontroller.session = {
- :key => "_yourappname_session",
- :secret => "g7tr273tr823ter823tr2qtr8q73w8q3trh76t878..."
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+ :key => '_yourappname_session',
+ :secret => '4f50711b8f0f49572...'
}
</ruby>
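Review bot: In the first <ruby> block the added setting `# ActionController::Base.session_store = :active_record_store` is itself commented out, so a reader who copies the snippet changes nothing, and the sentence above it ("you can change it in +config/initializers/session_store.rb+") never says the line has to be uncommented. Suggest adding that instruction to the prose, and keeping the list the removed comment gave (`[:active_record_store, :drb_store, :mem_cache_store, :cookie_store]`), because after this change the guide no longer names the stores a reader can choose from. In the second block the text speaks only of signing and of "verifying cookie session data integrity"; stating in the prose that the secret protects integrity and is not described as hiding the data would explain the "highly confidential information" caution in the first block, which currently appears without a reason.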