Permalink
Browse files

explain the Mojolicious secret

  • Loading branch information...
1 parent 6e74737 commit c005b5a7c48dd3619904d40e10a5719302d3cadd @kraih committed Dec 9, 2010
Showing with 12 additions and 2 deletions.
  1. +1 −1 lib/Mojolicious/Guides.pod
  2. +11 −1 lib/Mojolicious/Guides/Growing.pod
@@ -5,7 +5,7 @@ Mojolicious::Guides - Mojolicious Guide To The Galaxy
=head1 DON'T PANIC!
-We are constantly working on new documentation, follow us on
+We are constantly working on new documentation, follow us at
L<http://twitter.com/kraih> and L<http://github.com/kraih/mojo> or join the
official IRC channel C<#mojo> on C<irc.perl.org> to get all the latest
updates.
@@ -345,7 +345,12 @@ Quick C<GET> requests can be performed right from the command line.
=head2 State Keeping
Sessions in L<Mojolicious> pretty much just work out of the box and there is
-no setup required.
+no setup required, but we suggest using a more secure C<secret> passphrase.
+
+ app->secret('Mojolicious rocks!');
+
+This passphrase is used by the C<HMAC-MD5> algorithm to make signed cookies
+secure and can be changed at any time to invalidate all existing sessions.
$self->session(user => 'sri');
my $user = $self->session('user');
@@ -375,6 +380,9 @@ like this.
use lib 'lib';
use MyUsers;
+ # Make signed cookies secure
+ app->secret('Mojolicious rocks!');
+
app->defaults(users => MyUsers->new);
# Main login action
@@ -494,6 +502,7 @@ actual action code needs to be changed.
sub startup {
my $self = shift;
+ $self->secret('Mojolicious rocks!');
$self->defaults(users => MyUsers->new);
# Router
@@ -612,6 +621,7 @@ information.
sub startup {
my $self = shift;
+ $self->secret('Mojolicious rocks!');
$self->defaults(users => MyUsers->new);
my $r = $self->routes;

0 comments on commit c005b5a

Please sign in to comment.