class Rack::Protection::SessionHijacking
Prevented attack - Session Hijacking
Supported browsers - all
More infos - en.wikipedia.org/wiki/Session_hijacking

Tracks request properties like the user agent in the session and empties
the session if those properties change. This essentially prevents attacks
from Firesheep. Since all headers taken into consideration can be
spoofed, too, this will not prevent determined hijacking attempts.
def accepts?(env)
  session = session env
  key     = options[:tracking_key]
  if session.include? key
    # Later requests: every tracked property must equal the stored value.
    session[key].all? { |k, v| v == encode(env[k]) }
  else
    # First request for this session: record the tracked properties.
    session[key] = {}
    options[:track].each { |k| session[key][k] = encode(env[k]) }
  end
end

# Normalizes a value for comparison: nil becomes "" and case is ignored.
def encode(value)
  value.to_s.downcase
end
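
The check above, modelled as a stand-alone script so its behaviour can be observed without a Rack stack. This is an added example, not rack-protection's own code: TRACKING_KEY, TRACKED, check, handle, demo and all header values are assumptions constructed for illustration.

```ruby
# Added example: stand-alone model of the tracking check described above.
TRACKING_KEY = :tracking                                        # assumed session key
TRACKED      = %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE].freeze  # assumed tracked headers

def encode(value)
  value.to_s.downcase
end

# :recorded on the first request of a session, then :match or :mismatch.
def check(session, env)
  if session.include?(TRACKING_KEY)
    session[TRACKING_KEY].all? { |k, v| v == encode(env[k]) } ? :match : :mismatch
  else
    session[TRACKING_KEY] = TRACKED.map { |k| [k, encode(env[k])] }.to_h
    :recorded
  end
end

# Applies the reaction the page describes: empty the session on a mismatch.
def handle(session, env)
  result = check(session, env)
  session.clear if result == :mismatch
  result
end

def demo
  session = {}
  # Constructed request headers for the legitimate browser.
  owner = { 'HTTP_USER_AGENT'      => 'Mozilla/5.0 (X11; Linux) ExampleBrowser/1.0',
            'HTTP_ACCEPT_LANGUAGE' => 'en-GB' }
  results = []
  results << handle(session, owner)                 # first request: fingerprint stored
  session[:user_id] = 42                            # application data added after login
  # Case-only difference is normalized away by encode.
  results << handle(session, owner.merge('HTTP_USER_AGENT' => owner['HTTP_USER_AGENT'].upcase))
  # Limitation stated on the page: identical header values pass, whoever sends them.
  results << handle(session, owner.dup)
  # Same session presented by a client with a different user agent: session emptied.
  results << handle(session, owner.merge('HTTP_USER_AGENT' => 'OtherClient/2.0'))
  [results, session]
end

p demo if __FILE__ == $PROGRAM_NAME
```

A request that omits a tracked header is fingerprinted as an empty string, so a later request that also omits it still matches.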