From 95be790ece75710f2588558a6d5f40fd09543b97 Mon Sep 17 00:00:00 2001
From: Sergey Nartimov
Date: Thu, 13 Sep 2012 12:07:37 +0300
Subject: Implement :null_session CSRF protection method
It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946. The :null_session CSRF protection method provide an empty session during request processing but doesn't reset it completely (as :reset_session does).
---
 .../rails/app/templates/app/controllers/application_controller.rb.tt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'railties/lib/rails')
diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
index 6c0ef31725..d83690e1b9 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt
@@ -1,5 +1,5 @@
 class ApplicationController < ActionController::Base
 # Prevent CSRF attacks by raising an exception.
- # For APIs, you may want to use :reset_session instead.
+ # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception
 end
-- cgit v1.2.3
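Review bot: The new comment line recommends `:null_session` for APIs without saying how it differs from the `:exception` default, and that difference is the part a reader needs. Going by the commit message, an unverified request is still processed, only with an empty session, rather than being rejected. I would say so in the template, e.g. `# For APIs, you may want to use :null_session instead, which processes the` followed by `# request with an empty session rather than raising an exception.` An application that authenticates from something other than the session is presumably not protected by an empty session alone, so the comment could also tell the reader to confirm that before switching. The code that implements `:null_session` is not in this hunk, since this patch view is limited to railties/lib/rails.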