From b23ffd0dac895aa3fd3afd8d9be36794941731b2 Mon Sep 17 00:00:00 2001 From: Lukasz Sarnacki Date: Fri, 10 Jan 2014 12:57:50 +0100 Subject: Allow session serializer key in config.session_store MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt. --- guides/source/action_controller_overview.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'guides/source') diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index c55637eb0a..0234120b45 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -381,6 +381,28 @@ You can also pass a `:domain` key and specify the domain name for the cookie: YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com" ``` +You can pass `:serializer` key to specify serializer for serializing session: + +```ruby +YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: :json_serializer +``` + +Default serializer is `:marshal_serializer`. When Symbol or String is passed it +will look for appropriate class in `ActionDispatch::Session` namespace, so +passing `:my_custom_serializer` would load +`ActionDispatch::Session::MyCustomSerializer`. + +```ruby +YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: :my_custom_serializer +``` + +It is also possible to pass serializer object with defined `load` and `dump` +public methods: + +```ruby +YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: MyCustomSerializer +``` + Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb` ```ruby -- cgit v1.2.3