From 01f82d62dcc32dd7ee0ecbac7505786dca941973 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Sat, 7 Feb 2009 15:06:26 +0100 Subject: edged coverage of session storage configuration --- .../guides/source/action_controller_overview.textile | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'railties') diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile index 885c691efb..137349e2ff 100644 --- a/railties/guides/source/action_controller_overview.textile +++ b/railties/guides/source/action_controller_overview.textile 
@@ -171,19 +171,25 @@ The CookieStore can store around 4kB of data - much less than the others - but t Read more about session storage in the "Security Guide":security.html. -If you need a different session storage mechanism, you can change it in the +config/environment.rb+ file: +If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file: -# Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store] -config.action_controller.session_store = :active_record_store +# Use the database for sessions instead of the cookie-based default, +# which shouldn't be used to store highly confidential information +# (create the session table with "rake db:sessions:create") +# ActionController::Base.session_store = :active_record_store -Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/environment.rb+: +Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+: -config.actioncontroller.session = { - :key => "_yourappname_session", - :secret => "g7tr273tr823ter823tr2qtr8q73w8q3trh76t878..." +# Your secret key for verifying cookie session data integrity. +# If you change this key, all old sessions will become invalid! +# Make sure the secret is at least 30 characters and all random, +# no regular words or you'll be exposed to dictionary attacks. +ActionController::Base.session = { + :key => '_yourappname_session', + :secret => '4f50711b8f0f49572...' } -- cgit v1.2.3
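Review bot: the rewritten session store example drops the list of valid stores ([:active_record_store, :drb_store, :mem_cache_store, :cookie_store]) and leaves the assignment commented out (`# ActionController::Base.session_store = :active_record_store`), so a reader following "you can change it in config/initializers/session_store.rb" sees neither which stores are available nor that the line has to be uncommented to take effect. Suggest keeping the list of stores in the surrounding prose and saying explicitly that the line is uncommented to switch away from the cookie store. In the second example, `:secret => '4f50711b8f0f49572...'` is shown truncated right under a comment requiring at least 30 random characters; a sentence noting that the value is a placeholder and that each application must have its own generated secret would keep readers from copying it as is.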