@@ -96,11 +96,11 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves
That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA512, which has not been compromised, yet). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters_.
-Newly generated applications get their `config.secret_key_base`(or in `environment.rb` in some past versions) initialized to a random key in `config/initializers/secret_token.rb`, e.g.:
+`config.secret_key_base`is used for specifying a key which allows sessions for the application to be verified against a known secure key to prevent tampering. Applications get `config.secret_key_base` initialized to a random key in `config/initializers/secret_token.rb`, e.g.:
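Review bot: On the added line, "`config.secret_key_base`is used" is missing a space after the closing backtick and will render run together; the removed line had the same defect before "(or", so fix it here rather than carry it over. The rewrite also drops the "Newly generated" qualifier, so "Applications get `config.secret_key_base` initialized to a random key" now reads as if every application, including upgraded ones, already has a random key in `config/initializers/secret_token.rb`; suggest keeping "Newly generated applications get ...". The phrase "verified against a known secure key" is also vague next to the context line above, which ties the store's security to the secret and the digest algorithm; something like "is the secret the session digest is computed with, so that tampering with the cookie can be detected" would say the same thing more precisely.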