Remove suggestion that Procs can be used as session secrets.

rails · Jan 5, 2013 · 6500d79 · 6500d79
1 parent c1eaff0
commit 6500d79
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -21,15 +21,12 @@ module Session
     #
     # Session options:
     #
-    # * <tt>:secret</tt>: An application-wide key string or block returning a
+    # * <tt>:secret</tt>: An application-wide key string. It's important that
-    #   string called per generated digest. The block is called with the
+    #   the secret is not vulnerable to a dictionary attack. Therefore, you
-    #   CGI::Session instance as an argument. It's important that the secret
+    #   should choose a secret consisting of random numbers and letters and
-    #   is not vulnerable to a dictionary attack. Therefore, you should choose
+    #   more than 30 characters.
-    #   a secret consisting of random numbers and letters and more than 30
-    #   characters.
     #
     #     secret: '449fe2e7daee471bffae2fd8dc02313d'
-    #     secret: Proc.new { User.current_user.secret_key }
     #
     # * <tt>:digest</tt>: The message digest algorithm used to verify session
     #   integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,