aboutsummaryrefslogtreecommitdiffstats
path: root/railties
diff options
context:
space:
mode:
Diffstat (limited to 'railties')
-rw-r--r--railties/guides/source/action_controller_overview.textile41
1 files changed, 28 insertions, 13 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile
index 038ca903c1..ff112608ff 100644
--- a/railties/guides/source/action_controller_overview.textile
+++ b/railties/guides/source/action_controller_overview.textile
@@ -159,23 +159,38 @@ Read more about session storage in the "Security Guide":security.html.
If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
<ruby>
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rake db:sessions:create")
-# ActionController::Base.session_store = :active_record_store
+ # Use the database for sessions instead of the cookie-based default,
+ # which shouldn't be used to store highly confidential information
+ # (create the session table with "rake db:sessions:create")
+ # YourApp::Application.config.session_store :active_record_store
</ruby>
-Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
+Rails sets up a session key (the name of the cookie) when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
<ruby>
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.session = {
- :key => '_yourappname_session',
- :secret => '4f50711b8f0f49572...'
-}
+ # Be sure to restart your server when you modify this file.
+
+ YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session'
+</ruby>
+
+You can also pass a +:domain+ key and specify the domain name for the cookie:
+
+<ruby>
+ # Be sure to restart your server when you modify this file.
+
+ YourApp::Application.config.session_store :cookie_store, :key => '_your_app_session', :domain => ".test.com"
+</ruby>
+
+Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in +config/initializers/secret_token.rb+
+
+<ruby>
+ # Be sure to restart your server when you modify this file.
+
+ # Your secret key for verifying the integrity of signed cookies.
+ # If you change this key, all old signed cookies will become invalid!
+ # Make sure the secret is at least 30 characters and all random,
+ # no regular words or you'll be exposed to dictionary attacks.
+ YourApp::Application.config.secret_token = '49d3f3de9ed86c74b94ad6bd0...'
</ruby>
NOTE: Changing the secret when using the CookieStore will invalidate all existing sessions.