Permalink
Browse files

Remove suggestion that Procs can be used as session secrets.

(cherry picked from commit 6500d79)

[ci skip]

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
  • Loading branch information...
1 parent 665e11e commit 1506d4d9e4fcf7abb94574bf8d0d58672b04a736 @jcoglan jcoglan committed with pixeltrix Jan 5, 2013
Showing with 4 additions and 7 deletions.
  1. +4 −7 actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -22,15 +22,12 @@ module Session
#
# Session options:
#
- # * <tt>:secret</tt>: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters. Examples:
+ # * <tt>:secret</tt>: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
#
# :secret => '449fe2e7daee471bffae2fd8dc02313d'
- # :secret => Proc.new { User.current_user.secret_key }
#
# * <tt>:digest</tt>: The message digest algorithm used to verify session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,

0 comments on commit 1506d4d

Please sign in to comment.