From a0cf0951af31bee81d5291ca31d7daa3b04d9001 Mon Sep 17 00:00:00 2001
From: Jacques Distler <distler@golem.ph.utexas.edu>
Date: Mon, 24 Dec 2007 17:18:30 -0600
Subject: [PATCH] Document the Secret Key configuration a bit

---
 config/environment.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/config/environment.rb b/config/environment.rb
index f299f4fd..978f479e 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -8,7 +8,17 @@ Rails::Initializer.run do |config|
   generator = Rails::SecretKeyGenerator.new("Instiki")
   config.action_controller.session = { 
      :session_key => "instiki_session",
+  #####
+  ### This one generates a secret key automatically at launch.
+  ###     advantage: secure, no configuration necessary
+  ###  disadvantage: restart the server, and all existing
+  ###                session keys become invalid.
      :secret => generator.generate_secret
+  ###
+  ###  Alternatively, you can set your own unchanging secret key
+  ###  by editing and then uncommenting the following line, instead:
+  #  : secret => "a_very_long_string_of_random_letter_and_numbers"
+  #####
    } 
 
   # Skip frameworks you're not going to use