-rw-r--r-- | actionpack/lib/action_controller/session/cookie_store.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb
index 01f059f156..6de4d88ca0 100644
--- a/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/actionpack/lib/action_controller/session/cookie_store.rb
@@ -22,7 +22,10 @@ require 'openssl' # to generate the HMAC message digest
 # Session options:
 # :secret An application-wide key string or block returning a string
 # called per generated digest. The block is called with the
-# CGI::Session instance as an argument.
+# CGI::Session instance as an argument. It's important that the
+# secret is not vulnerable to a dictionary attack. Therefore,
+# you should choose a secret consisting of random numbers and
+# letters and preferably more than 30 characters.
 #
 # Example: :secret => '449fe2e7daee471bffae2fd8dc02313d'
 # :secret => Proc.new { User.current_user.secret_key }
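Review bot: The added guidance asks for a secret "consisting of random numbers and letters" but never says where the randomness must come from, and a value a developer types to look random is still a low-entropy guess; since the HMAC digest this secret keys is sent to the client in the cookie, a weak secret can be recovered offline from a single captured session cookie, which is the dictionary attack the comment is warning about. I would make the source of randomness explicit and tie the length advice to the example: `secret is not vulnerable to a dictionary attack. Generate it from a` / `cryptographically secure random source rather than by hand, and use at` / `least 32 hex characters (128 bits), as in the example below.`. The "more than 30 characters" figure is fine as a floor, but stating it as bits of entropy makes it clearer that length alone does not help if the characters are predictable. The :secret block form is documented here but the hunk shows no guidance on protecting the returned value, so the note above is intentionally limited to the literal-string case.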