Update attack protection documentation

2016-08-08 11:16:56 -04:00 · 2016-08-08 11:16:56 -04:00 · 593cb372b9
parent 1c623006dc
commit 593cb372b9
1 changed files with 8 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -2111,7 +2111,14 @@ set :protection, :except => [:path_traversal, :session_hijacking]
 ```

 By default, Sinatra will only set up session based protection if `:sessions`
-have been enabled. See 'Using Sessions'.
+have been enabled. See 'Using Sessions'. Sometimes you may want to set up
+sessions "outside" of the Sinatra app, such as in the config.ru or with a
+separate Rack::Builder instance. In that case you can still set up session
+based protection by passing the `:session` option:
+
+```ruby
+set :protection, :session => true
+```

 ### Available Settings