From aa4655806a7c01d1597d1323a73040e6e7aa4060 Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Fri, 24 Aug 2012 14:26:00 -0400 Subject: Update guide/release note about AR::SessionStore --- guides/source/security.textile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'guides/source/security.textile') diff --git a/guides/source/security.textile b/guides/source/security.textile index 49e5da6bb7..773a47ab28 100644 --- a/guides/source/security.textile +++ b/guides/source/security.textile @@ -81,9 +81,7 @@ This will also be a good idea, if you modify the structure of an object and old h4. Session Storage -NOTE: _Rails provides several storage mechanisms for the session hashes. The most important are +ActiveRecord::SessionStore+ and +ActionDispatch::Session::CookieStore+._ - -There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecord::SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecord::SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request. +NOTE: _Rails provides several storage mechanisms for the session hashes. The most important is +ActionDispatch::Session::CookieStore+._ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it: -- cgit v1.2.3