Permalink
Browse files

edged coverage of session storage configuration

  • Loading branch information...
1 parent f11616b commit 01f82d62dcc32dd7ee0ecbac7505786dca941973 @fxn fxn committed Feb 7, 2009
Showing with 13 additions and 7 deletions.
  1. +13 −7 railties/guides/source/action_controller_overview.textile
@@ -171,19 +171,25 @@ The CookieStore can store around 4kB of data - much less than the others - but t
Read more about session storage in the "Security Guide":security.html.
-If you need a different session storage mechanism, you can change it in the +config/environment.rb+ file:
+If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
<ruby>
-# Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store]
-config.action_controller.session_store = :active_record_store
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
</ruby>
-Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/environment.rb+:
+Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
<ruby>
-config.actioncontroller.session = {
- :key => "_yourappname_session",
- :secret => "g7tr273tr823ter823tr2qtr8q73w8q3trh76t878..."
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+ :key => '_yourappname_session',
+ :secret => '4f50711b8f0f49572...'
}
</ruby>

0 comments on commit 01f82d6

Please sign in to comment.