Merge pull request rails#44523 from SValkanov/apidocs_edit_actioncontroller_doc

rafaelfranca · web-flow · commit eaccffaa8cc9 · 2022-02-25T14:50:20.000-05:00
Edit ActionController Base API docs [ci-skip]
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
@@ -87,10 +87,11 @@ module ActionController
   #
   # or you can remove the entire session with +reset_session+.
   #
-  # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
-  # This prevents the user from tampering with the session but also allows them to see its contents.
-  #
-  # Do not put secret information in cookie-based sessions!
+  # By default, sessions are stored in an encrypted browser cookie (see
+  # ActionDispatch::Session::CookieStore). Thus the user will not be able to
+  # read or edit the session data. However, the user can keep a copy of the
+  # cookie even after it has expired, so you should avoid storing sensitive
+  # information in cookie-based sessions.
   #
   # == Responses
   #

Original file line number	Diff line number	Diff line change
`@@ -87,10 +87,11 @@ module ActionController`
`87`	`87`	`#`
`88`	`88`	`# or you can remove the entire session with +reset_session+.`
`89`	`89`	`#`
`90`		`- # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.`
`91`		`- # This prevents the user from tampering with the session but also allows them to see its contents.`
`92`		`- #`
`93`		`- # Do not put secret information in cookie-based sessions!`
	`90`	`+ # By default, sessions are stored in an encrypted browser cookie (see`
	`91`	`+ # ActionDispatch::Session::CookieStore). Thus the user will not be able to`
	`92`	`+ # read or edit the session data. However, the user can keep a copy of the`
	`93`	`+ # cookie even after it has expired, so you should avoid storing sensitive`
	`94`	`+ # information in cookie-based sessions.`
`94`	`95`	`#`
`95`	`96`	`# == Responses`
`96`	`97`	`#`