From 1506d4d9e4fcf7abb94574bf8d0d58672b04a736 Mon Sep 17 00:00:00 2001
From: James Coglan
Date: Sat, 5 Jan 2013 14:52:02 +0000
Subject: [PATCH] Remove suggestion that Procs can be used as session secrets.
(cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2)
[ci skip]
Signed-off-by: Andrew White
---
 .../middleware/session/cookie_store.rb | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 29e9e6c2611df..80c596fd51799 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -22,15 +22,12 @@ module Session
 #
 # Session options:
 #
- # * :secret: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters. Examples:
+ # * :secret: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
 #
 # :secret => '449fe2e7daee471bffae2fd8dc02313d'
- # :secret => Proc.new { User.current_user.secret_key }
 #
 # * :digest: The message digest algorithm used to verify session
 # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
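Review bot: The rewritten `:secret` paragraph still describes the key only as "random numbers and letters and more than 30 characters" and keeps a literal sample value, which invites hand-typed or copy-pasted secrets. I would say how the key should be produced and mark the sample as a placeholder, e.g. `# more than 30 characters, generated by a CSPRNG (+rake secret+ or SecureRandom.hex(64)).` and a line under the example such as `# (example only; generate your own and keep it out of version control)`. Because the commit withdraws the Proc form from the documentation, it would also help to state whether a Proc passed as `:secret` is now rejected or merely undocumented; the code that consumes the option is outside this hunk, so that cannot be confirmed from here. The comment block begins before the hunk and continues past its last line.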