Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Remove suggestion that Procs can be used as session secrets.

(cherry picked from commit 6500d79)

[ci skip]

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
  • Loading branch information...
commit 1506d4d9e4fcf7abb94574bf8d0d58672b04a736 1 parent 665e11e
@jcoglan jcoglan authored pixeltrix committed
View
11 actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -22,15 +22,12 @@ module Session
#
# Session options:
#
- # * <tt>:secret</tt>: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters. Examples:
+ # * <tt>:secret</tt>: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
#
# :secret => '449fe2e7daee471bffae2fd8dc02313d'
- # :secret => Proc.new { User.current_user.secret_key }
#
# * <tt>:digest</tt>: The message digest algorithm used to verify session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
Please sign in to comment.
Something went wrong with that request. Please try again.