class Rack::Protection::SessionHijacking
- spoofed, too, this will not prevent all hijacking attempts.
from Firesheep. Since all headers taken into consideration might be
the session if those properties change. This essentially prevents attacks
Tracks request properties like the user agent in the session and empties
More infos - en.wikipedia.org/wiki/Session_hijacking<br>Supported browsers
- all
Prevented attack -
Session Hijacking
#
- all
def accepts?(env)
def accepts?(env) session = session env key = options[:tracking_key] if session.include? key session[key].all? { |k,v| v == encrypt(env[k]) } else session[key] = {} options[:track].each { |k| session[key][k] = encrypt(env[k]) } end end
def encrypt(value)
def encrypt(value) options[:encrypt_tracking] ? super(value) : value.to_s end