1 files changed, 5 insertions, 6 deletions

diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 2080e9b5b9..441b214c4e 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -7,17 +7,16 @@ module ActionController #:nodoc:
   # Controller actions are protected from Cross-Site Request Forgery (CSRF) attacks
   # by including a token in the rendered html for your application. This token is
   # stored as a random string in the session, to which an attacker does not have
-  # access. When a request reaches your application, \Rails then verifies the received
-  # token with the token in the session. Only HTML and javascript requests are checked,
+  # access. When a request reaches your application, \Rails verifies the received
+  # token with the token in the session. Only HTML and JavaScript requests are checked,
   # so this will not protect your XML API (presumably you'll have a different
   # authentication scheme there anyway). Also, GET requests are not protected as these
   # should be idempotent.
   #
   # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
-  # which will check the token and raise an ActionController::InvalidAuthenticityToken
-  # if it doesn't match what was expected. A call to this method is generated for new
-  # \Rails applications by default. You can customize the error message by editing
-  # public/422.html.
+  # which checks the token and resets the session if it doesn't match what was expected.
+  # A call to this method is generated for new \Rails applications by default.
+  # You can customize the error message by editing public/422.html.
   #
   # The token parameter is named <tt>authenticity_token</tt> by default. The name and
   # value of this token must be added to every layout that renders forms by including