6 files changed, 9 insertions, 51 deletions

diff --git a/guides/code/getting_started/config/initializers/session_store.rb b/guides/code/getting_started/config/initializers/session_store.rb
index 1a67af58b5..3b2ca93ab9 100644
--- a/guides/code/getting_started/config/initializers/session_store.rb
+++ b/guides/code/getting_started/config/initializers/session_store.rb
@@ -1,8 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
 Blog::Application.config.session_store :cookie_store, key: '_blog_session'
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Blog::Application.config.session_store :active_record_store
diff --git a/guides/source/4_0_release_notes.textile b/guides/source/4_0_release_notes.textile
index 2f21f8cc71..0e03779e0d 100644
--- a/guides/source/4_0_release_notes.textile
+++ b/guides/source/4_0_release_notes.textile
@@ -479,35 +479,10 @@ end
 User.stored_attributes[:settings] # [:color, :homepage]
 </ruby>
 
-* <tt>composed_of</tt> was removed. You'll have to write your own accessor and mutator methods if you'd like to use value objects to represent some portion of your models. So, instead of:
-
-<ruby>
-class Person < ActiveRecord::Base
-  composed_of :address, :mapping => [ %w(address_street street), %w(address_city city) ]
-end
-</ruby>
-
-you could write something like this:
-
-<ruby>
-def address
-  @address ||= Address.new(address_street, address_city)
-end
-
-def address=(address)
-  self[:address_street] = @address.street
-  self[:address_city]   = @address.city
-
-  @address = address
-end
-</ruby>
-
 * PostgreSQL default log level is now 'warning', to bypass the noisy notice messages. You can change the log level using the <tt>min_messages</tt> option available in your <tt>config/database.yml</tt>.
 
 * Add uuid datatype support to PostgreSQL adapter.
 
-* <tt>update_attribute</tt> has been removed. Use <tt>update_column</tt> if you want to bypass mass-assignment protection, validations, callbacks, and touching of updated_at. Otherwise please use <tt>update_attributes</tt>.
-
 * Added <tt>ActiveRecord::Migration.check_pending!</tt> that raises an error if migrations are pending.
 
 * Added <tt>#destroy!</tt> which acts like <tt>#destroy</tt> but will raise an <tt>ActiveRecord::RecordNotDestroyed</tt> exception instead of returning <tt>false</tt>.
@@ -730,6 +705,8 @@ where(...).remove_conditions # => still has conditions
 
 * The migration generator now creates a join table with (commented) indexes every time the migration name contains the word "join_table".
 
+* <tt>ActiveRecord::SessionStore</tt> is removed from Rails 4.0 and is now a separate "gem":https://github.com/rails/activerecord-session_store.
+
 h3. Active Model
 
 * Changed <tt>AM::Serializers::JSON.include_root_in_json</tt> default value to false. Now, AM Serializers and AR objects have the same default behaviour.
diff --git a/guides/source/action_controller_overview.textile b/guides/source/action_controller_overview.textile
index 67c9044d91..1d43b44391 100644
--- a/guides/source/action_controller_overview.textile
+++ b/guides/source/action_controller_overview.textile
@@ -168,8 +168,8 @@ h3. Session
 Your application has a session for each user in which you can store small amounts of data that will be persisted between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms:
 
 * ActionDispatch::Session::CookieStore - Stores everything on the client.
-* ActiveRecord::SessionStore - Stores the data in a database using Active Record.
 * ActionDispatch::Session::CacheStore - Stores the data in the Rails cache.
+* ActionDispatch::Session::ActiveRecordStore - Stores the data in a database using Active Record. (require `activerecord-session_store` gem).
 * ActionDispatch::Session::MemCacheStore - Stores the data in a memcached cluster (this is a legacy implementation; consider using CacheStore instead).
 
 All session stores use a cookie to store a unique ID for each session (you must use a cookie, Rails will not allow you to pass the session ID in the URL as this is less secure).
@@ -187,7 +187,7 @@ If you need a different session storage mechanism, you can change it in the +con
 <ruby>
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information
-# (create the session table with "script/rails g session_migration")
+# (create the session table with "script/rails g active_record:session_migration")
 # YourApp::Application.config.session_store :active_record_store
 </ruby>
 
diff --git a/guides/source/active_support_core_extensions.textile b/guides/source/active_support_core_extensions.textile
index 109228f8c7..8748817eb8 100644
--- a/guides/source/active_support_core_extensions.textile
+++ b/guides/source/active_support_core_extensions.textile
@@ -1491,13 +1491,9 @@ For example, Action Pack uses this method to load the class that provides a cert
 <ruby>
 # action_controller/metal/session_management.rb
 def session_store=(store)
-  if store == :active_record_store
-    self.session_store = ActiveRecord::SessionStore
-  else
-    @@session_store = store.is_a?(Symbol) ?
-      ActionDispatch::Session.const_get(store.to_s.camelize) :
-      store
-  end
+  @@session_store = store.is_a?(Symbol) ?
+    ActionDispatch::Session.const_get(store.to_s.camelize) :
+    store
 end
 </ruby>
 
diff --git a/guides/source/configuring.textile b/guides/source/configuring.textile
index 27eaf1cbc5..9db375c2ca 100644
--- a/guides/source/configuring.textile
+++ b/guides/source/configuring.textile
@@ -127,7 +127,7 @@ end
 config.session_store :my_custom_store
 </ruby>
 
-This custom store must be defined as +ActionDispatch::Session::MyCustomStore+. In addition to symbols, they can also be objects implementing a certain API, like +ActiveRecord::SessionStore+, in which case no special namespace is required.
+This custom store must be defined as +ActionDispatch::Session::MyCustomStore+.
 
 * +config.time_zone+ sets the default time zone for the application and enables time zone awareness for Active Record.
 
@@ -322,14 +322,6 @@ The caching code adds two additional settings:
 
 * +ActionController::Base.page_cache_extension+ sets the extension to be used when generating pages for the cache (this is ignored if the incoming request already has an extension). The default is +.html+.
 
-The Active Record session store can also be configured:
-
-* +ActiveRecord::SessionStore::Session.table_name+ sets the name of the table used to store sessions. Defaults to +sessions+.
-
-* +ActiveRecord::SessionStore::Session.primary_key+ sets the name of the ID column used in the sessions table. Defaults to +session_id+.
-
-* +ActiveRecord::SessionStore::Session.data_column_name+ sets the name of the column which stores marshaled session data. Defaults to +data+.
-
 h4. Configuring Action Dispatch
 
 * +config.action_dispatch.session_store+ sets the name of the store for session data. The default is +:cookie_store+; other valid options include +:active_record_store+, +:mem_cache_store+ or the name of your own custom class.
diff --git a/guides/source/security.textile b/guides/source/security.textile
index f3c3ab9d87..4c6c78a353 100644
--- a/guides/source/security.textile
+++ b/guides/source/security.textile
@@ -81,9 +81,7 @@ This will also be a good idea, if you modify the structure of an object and old
 
 h4. Session Storage
 
-NOTE: _Rails provides several storage mechanisms for the session hashes. The most important are +ActiveRecord::SessionStore+ and +ActionDispatch::Session::CookieStore+._
-
-There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecord::SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecord::SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.
+NOTE: _Rails provides several storage mechanisms for the session hashes. The most important is +ActionDispatch::Session::CookieStore+._
 
 Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it: