From 87bdb85ff16f37f0ea75303b77a61f2c48b385aa Mon Sep 17 00:00:00 2001 From: Konstantin Haase Date: Sun, 13 Mar 2011 09:37:27 +0100 Subject: [PATCH] document session_secret --- README.rdoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.rdoc b/README.rdoc index 8c8a8f41..e2f8c3f2 100644 --- a/README.rdoc +++ b/README.rdoc @@ -799,6 +799,13 @@ middleware of choice how you would any other middleware: session[:value] = params[:value] end +To improve security, the session data in the cookie is signed with a session +secret. A random secret is generate for you by Sinatra. However, since this +secret will change with every start of your application, you might want to +set the secret yourself, so all your application instances share it: + + set :session_secret, 'super secret' + === Halting To immediately stop a request within a filter or route use:
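Review bot: The example in the added README paragraph, "set :session_secret, 'super secret'", shows a short, guessable literal that readers are likely to copy verbatim. Since this value is what signs the session cookie, the text should say that the secret must be long and random and should be kept out of source control, for example by loading it from the environment instead of hardcoding it in the application file. In the same paragraph, "A random secret is generate for you" should read "generated". The paragraph also says only that the cookie data is signed; a sentence noting that signing protects the data against tampering but does not by itself hide it from the client would keep readers from storing sensitive values in the session on the strength of this section.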