Altered nonce comment (modeled after encryptKey).

I note that for `key' == Nothing` it should probably hold that `session' == []` as implemented in defaultYesodRunner, so perhaps the comment regarding ignoring pre-existing `nonceKey` is redundant. But a custom `yesodRunner` could arguably violate this invariant(?).
2011-09-21 22:31:59 +08:00 · 2011-09-21 22:31:59 +08:00 · 39ef74cb10
commit 39ef74cb10
parent 4d1ea8520a
1 changed files with 3 additions and 3 deletions
--- a/yesod-core/Yesod/Internal/Request.hs
+++ b/yesod-core/Yesod/Internal/Request.hs
@ -60,9 +60,9 @@ parseWaiRequest' env session' key' gen = Request gets'' cookies' env langs' nonc
                       , lookup langKey cookies'     -- Cookie _LANG
                       , lookup langKey session'     -- Session _LANG
                       ] ++ langs                    -- Accept-Language(s)
-    -- If the session is not secure a nonce should not be
-    -- used (any nonce present in the session is ignored).
-    -- If a secure session has no nonceKey a new one is
+    -- If sessions are disabled nonces should not be used (any
+    -- nonceKey present in the session is ignored). If sessions
+    -- are enabled and a session has no nonceKey a new one is
    -- generated.
    nonce = case (key', lookup nonceKey session') of
                (Nothing, _) -> Nothing