rails projectname -d mysql
gem install sqlite3-ruby
This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. Cookie-based sessions are dramatically faster than the alternatives.
If you have more than 4K of session data or don‘t want your data to be visible to the user, pick another session store.
CookieOverflow is raised if you attempt to store more than 4K of data. TamperedWithCookie is raised if the data integrity check fails.
A message digest is included with the cookie to ensure data integrity: a user cannot alter his user_id without knowing the secret key included in the hash. New apps are generated with a pregenerated secret in config/environment.rb. Set your own for old apps you‘re upgrading.
Session options:
:secret An application-wide key string or block returning a string
called per generated digest. The block is called with the
CGI::Session instance as an argument. It's important that the
secret is not vulnerable to a dictionary attack. Therefore,
you should choose a secret consisting of random numbers and
letters and more than 30 characters.
Example: :secret => '449fe2e7daee471bffae2fd8dc02313d'
:secret => Proc.new { User.current_user.secret_key }
:digest The message digest algorithm used to verify session integrity
defaults to 'SHA1' but may be any digest provided by OpenSSL,
such as 'MD5', 'RIPEMD160', 'SHA256', etc.
To generate a secret key for an existing application, run `rake secret` and set the key in config/environment.rb
Note that changing digest or secret invalidates all existing sessions!
gem install sqlite3-ruby
This cookie-based session store is the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. Cookie-based sessions are dramatically faster than the alternatives.
If you have more than 4K of session data or don‘t want your data to be visible to the user, pick another session store.
CookieOverflow is raised if you attempt to store more than 4K of data. TamperedWithCookie is raised if the data integrity check fails.
A message digest is included with the cookie to ensure data integrity: a user cannot alter his user_id without knowing the secret key included in the hash. New apps are generated with a pregenerated secret in config/environment.rb. Set your own for old apps you‘re upgrading.
Session options:
:secret An application-wide key string or block returning a string
called per generated digest. The block is called with the
CGI::Session instance as an argument. It's important that the
secret is not vulnerable to a dictionary attack. Therefore,
you should choose a secret consisting of random numbers and
letters and more than 30 characters.
Example: :secret => '449fe2e7daee471bffae2fd8dc02313d'
:secret => Proc.new { User.current_user.secret_key }
:digest The message digest algorithm used to verify session integrity
defaults to 'SHA1' but may be any digest provided by OpenSSL,
such as 'MD5', 'RIPEMD160', 'SHA256', etc.
To generate a secret key for an existing application, run `rake secret` and set the key in config/environment.rb
Note that changing digest or secret invalidates all existing sessions!
179
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
