edged coverage of session storage configuration

railties/guides/source/action_controller_overview.textile

@@ -171,19 +171,25 @@ The CookieStore can store around 4kB of data - much less than the others - but t
 
 Read more about session storage in the "Security Guide":security.html.
 
-If you need a different session storage mechanism, you can change it in the +config/environment.rb+ file:
+If you need a different session storage mechanism, you can change it in the +config/initializers/session_store.rb+ file:
 
 <ruby>
-# Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store]
-config.action_controller.session_store = :active_record_store
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store
 </ruby>
 
-Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/environment.rb+:
+Rails sets up a session key (the name of the cookie) and (for the CookieStore) a secret key used when signing the session data. These can also be changed in +config/initializers/session_store.rb+:
 
 <ruby>
-config.actioncontroller.session = {
-  :key => "_yourappname_session",
-  :secret => "g7tr273tr823ter823tr2qtr8q73w8q3trh76t878..."
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+  :key         => '_yourappname_session',
+  :secret      => '4f50711b8f0f49572...'
 }
 </ruby>