@@ -14,27 +14,27 @@ require 'openssl' # to generate the HMAC message digest
# TamperedWithCookie is raised if the data integrity check fails.
# A message digest is included with the cookie to ensure data integrity:
-# a user cannot alter his
user_id without knowing the secret key included in
+# a user cannot alter his
+user_id+ without knowing the secret key included in
# the hash. New apps are generated with a pregenerated secret in
# config/environment.rb. Set your own for old apps you're upgrading.
-# :secret An application-wide key string or block returning a string
-# called per generated digest. The block is called with the
-# CGI::Session instance as an argument. It's important that the
-# secret is not vulnerable to a dictionary attack. Therefore,
-# you should choose a secret consisting of random numbers and
-# letters and more than 30 characters.
-# Example: :secret => '449fe2e7daee471bffae2fd8dc02313d'
-# :secret => Proc.new { User.current_user.secret_key }
+# * <tt>:secret</tt>: An application-wide key string or block returning a string
+# called per generated digest. The block is called with the CGI::Session
+# instance as an argument. It's important that the secret is not vulnerable to
+# a dictionary attack. Therefore, you should choose a secret consisting of
+# random numbers and letters and more than 30 characters. Examples:
-# :digest The message digest algorithm used to verify session integrity
-# defaults to 'SHA1' but may be any digest provided by OpenSSL,
-# such as 'MD5', 'RIPEMD160', 'SHA256', etc.
+# :secret => '449fe2e7daee471bffae2fd8dc02313d'
+# :secret => Proc.new { User.current_user.secret_key }
+# * <tt>:digest</tt>: The message digest algorithm used to verify session
+# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
+# such as 'MD5', 'RIPEMD160', 'SHA256', etc.
# To generate a secret key for an existing application, run
-# `rake secret` and set the key in config/environment.rb
+# `rake secret` and set the key in config/environment.rb
.0
# Note that changing digest or secret invalidates all existing sessions!
class CGI::Session::CookieStore
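Review bot: In the :digest bullet, "used to verify session integrity defaults to 'SHA1'" runs two statements together; split it as "...session integrity. Defaults to 'SHA1' but may be..." so the default is unambiguous. In the :secret bullet, the literal example '449fe2e7daee471bffae2fd8dc02313d' is easy to copy into a real config, so it would help to say it is illustrative only and must be replaced with the output of `rake secret`, given that the same comment requires the secret to resist a dictionary attack. Consider also dropping 'MD5' from the example digests so the documentation does not point readers at the weakest listed option for the integrity check.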