tmp/development_secret.txt
. In all other environments, it is stored encrypted in the config/credentials.yml.enc
file.config/secrets.yml
file.CookieStore
extends Rack::Session::Abstract::Persisted, many of the options described there can be used to customize the session cookie that is generated. For example::key
, :secure
and :httponly
.