diff options
| -rw-r--r-- | actionpack/lib/action_controller/session/cookie_store.rb | 6 | ||||
| -rw-r--r-- | railties/configs/initializers/session_store.rb | 2 | ||||
| -rw-r--r-- | railties/doc/guides/source/security.txt | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index 135bedaf50..e061c4d4a1 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -163,9 +163,9 @@ module ActionController def ensure_session_key(key) if key.blank? - raise ArgumentError, 'A session_key is required to write a ' + + raise ArgumentError, 'A key is required to write a ' + 'cookie containing the session data. Use ' + - 'config.action_controller.session = { :session_key => ' + + 'config.action_controller.session = { :key => ' + '"_myapp_session", :secret => "some secret phrase" } in ' + 'config/environment.rb' end @@ -181,7 +181,7 @@ module ActionController if secret.blank? raise ArgumentError, "A secret is required to generate an " + "integrity hash for cookie session data. Use " + - "config.action_controller.session = { :session_key => " + + "config.action_controller.session = { :key => " + "\"_myapp_session\", :secret => \"some secret phrase of at " + "least #{SECRET_MIN_LENGTH} characters\" } " + "in config/environment.rb" diff --git a/railties/configs/initializers/session_store.rb b/railties/configs/initializers/session_store.rb index 40179e0aa3..4499ab84b6 100644 --- a/railties/configs/initializers/session_store.rb +++ b/railties/configs/initializers/session_store.rb @@ -5,7 +5,7 @@ # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. ActionController::Base.session = { - :session_key => '_<%= app_name %>_session', + :key => '_<%= app_name %>_session', :secret => '<%= app_secret %>' } diff --git a/railties/doc/guides/source/security.txt b/railties/doc/guides/source/security.txt index 9b3f47932e..b4e8bb4b41 100644 --- a/railties/doc/guides/source/security.txt +++ b/railties/doc/guides/source/security.txt @@ -93,7 +93,7 @@ That means the security of this storage depends on this secret (and of the diges .................................... config.action_controller.session = { - :session_key => ‘_app_session’, + :key => ‘_app_session’, :secret => ‘0x0dkfj3927dkc7djdh36rkckdfzsg...’ } .................................... |