Merge pull request #8766 from jcoglan/session_token_docs

Remove suggestion that Procs can be used as session secrets.

[ci skip]
2 parents 516f148 + 6500d79 commit fa6e995a03ea2daa78902f7ea5cc9cb570014609 @pixeltrix pixeltrix committed Jan 5, 2013
Showing with 4 additions and 7 deletions.
  1. +4 −7 actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -21,15 +21,12 @@ module Session
#
# Session options:
#
- # * <tt>:secret</tt>: An application-wide key string or block returning a
- # string called per generated digest. The block is called with the
- # CGI::Session instance as an argument. It's important that the secret
- # is not vulnerable to a dictionary attack. Therefore, you should choose
- # a secret consisting of random numbers and letters and more than 30
- # characters.
+ # * <tt>:secret</tt>: An application-wide key string. It's important that
+ # the secret is not vulnerable to a dictionary attack. Therefore, you
+ # should choose a secret consisting of random numbers and letters and
+ # more than 30 characters.
#
# secret: '449fe2e7daee471bffae2fd8dc02313d'
- # secret: Proc.new { User.current_user.secret_key }
#
# * <tt>:digest</tt>: The message digest algorithm used to verify session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
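
Review bot: The reworded `:secret` bullet still describes the value only as "random numbers and letters and more than 30 characters" and keeps the literal `secret: '449fe2e7daee471bffae2fd8dc02313d'` as its example, which readers may copy verbatim. Suggest saying the string should come from a cryptographically secure generator (for example `SecureRandom.hex(64)`) and swapping the literal for an obvious placeholder. With the `Proc.new { User.current_user.secret_key }` line removed, the bullet could also state explicitly whether a Proc is still accepted, so anyone who followed the old wording knows what to change.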
