Skip to content
Browse files

Merge pull request #70 from mcdd/master

Update security guide ActiveRecordStore/SessionStore
  • Loading branch information...
2 parents 74b9441 + b9b4cfc commit c2f03d19c2c4ccb344cd2ba2c683050c3ec54b24 @guilleiguaran guilleiguaran committed
Showing with 2 additions and 2 deletions.
  1. +2 −2 railties/guides/source/security.textile
View
4 railties/guides/source/security.textile
@@ -82,9 +82,9 @@ This will also be a good idea, if you modify the structure of an object and old
h4. Session Storage
--- _Rails provides several storage mechanisms for the session hashes. The most important are ActiveRecordStore and CookieStore._
+-- _Rails provides several storage mechanisms for the session hashes. The most important are SessionStore and CookieStore._
-There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecordStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecordStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.
+There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose SessionStore (or one of its derivatives) over file storage due to performance and maintenance reasons. SessionStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.
Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it:

0 comments on commit c2f03d1

Please sign in to comment.
Something went wrong with that request. Please try again.