Document that the cookie store is the default session store. Mention …

…the memcached store. Closes #10241 [Josh Susser, Jeremy Kemper]

git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
1 parent e0ce691 commit 96add62ecc46354de3522b00d52a8cfa7ff7bb92 @jeremy jeremy committed Nov 22, 2007
Showing with 17 additions and 8 deletions.
  1. +14 −5 actionpack/lib/action_controller/base.rb
  2. +3 −3 actionpack/lib/action_controller/session_management.rb
@@ -162,17 +162,26 @@ def initialize(message = nil)
# For removing objects from the session, you can either assign a single key to nil, like <tt>session[:person] = nil</tt>, or you can
# remove the entire session with reset_session.
- # By default, sessions are stored on the file system in <tt>RAILS_ROOT/tmp/sessions</tt>. Any object can be placed in the session
- # (as long as it can be Marshalled). But remember that 1000 active sessions each storing a 50kb object could lead to a 50MB store on the filesystem.
- # In other words, think carefully about size and caching before resorting to the use of the session on the filesystem.
+ # Sessions are stored in a browser cookie that's crytographically signed, but unencrypted, by default. This prevents
+ # the user from tampering with the session but also allows him to see its contents.
- # An alternative to storing sessions on disk is to use ActiveRecordStore to store sessions in your database, which can solve problems
- # caused by storing sessions in the file system and may speed up your application. To use ActiveRecordStore, uncomment the line:
+ # Do not put secret information in session!
+ #
+ # Other options for session storage are:
+ #
+ # ActiveRecordStore: sessions are stored in your database, which works better than PStore with multiple app servers and,
+ # unlike CookieStore, hides your session contents from the user. To use ActiveRecordStore, set
# config.action_controller.session_store = :active_record_store
# in your <tt>environment.rb</tt> and run <tt>rake db:sessions:create</tt>.
+ # MemCacheStore: sessions are stored as entries in your memcached cache. Set the session store type in <tt>environment.rb</tt>:
+ #
+ # config.action_controller.session_store = :mem_cache_store
+ #
+ # This assumes that memcached has been installed and configured properly. See the MemCacheStore docs for more information.
+ #
# == Responses
# Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response
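Review bot: "crytographically" in the first added line is misspelled (should be "cryptographically"), and this comment becomes the rdoc for the default store, so fix it in this change. The ActiveRecordStore entry says it "works better than PStore with multiple app servers", but the lines that described file-system storage are removed here and PStore is not introduced anywhere in the added text; either add a short PStore entry under "Other options for session storage" or drop the comparison. The removed lines also cautioned about session size and the added lines carry no equivalent, although the session now travels in a browser cookie; a sentence on keeping the session small would fit next to "Do not put secret information in session!". Minor: "allows him to see its contents" reads better as "allows them to see its contents".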
@@ -16,9 +16,9 @@ def self.included(base)
module ClassMethods
- # Set the session store to be used for keeping the session data between requests. The default is using the
- # file system, but you can also specify one of the other included stores (:active_record_store, :drb_store,
- # :mem_cache_store, or :memory_store) or use your own class.
+ # Set the session store to be used for keeping the session data between requests. By default, sessions are stored
+ # in browser cookies (:cookie_store), but you can also specify one of the other included stores
+ # (:active_record_store, :p_store, drb_store, :mem_cache_store, or :memory_store) or your own custom class.
def session_store=(store)
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] =
store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store
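Review bot: In the last added comment line, "drb_store" is missing its leading colon ("(:active_record_store, :p_store, drb_store, :mem_cache_store, or :memory_store)") while every other store is written as a symbol; make it ":drb_store" so readers copy a value that the store.is_a?(Symbol) branch below will accept. The comment also offers "your own custom class" without saying what that class must implement; since a non-Symbol argument is assigned directly as :database_manager, a short pointer to the expected interface would help.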
