class Rack::Protection::SessionHijacking

Prevented attack: Session Hijacking
Supported browsers: all
More infos: en.wikipedia.org/wiki/Session_hijacking

Tracks request properties like the user agent in the session and empties
the session if those properties change. This essentially prevents attacks
from Firesheep. Since all headers taken into consideration can be
spoofed, too, this will not prevent determined hijacking attempts.

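def accepts?(env)
  session = session env
  key     = options[:tracking_key]
  if session.include? key
    # Later requests: every tracked property must still match the stored value.
    session[key].all? { |k, v| v == encode(env[k]) }
  else
    # First request for this session: record the tracked properties.
    session[key] = {}
    options[:track].each { |k| session[key][k] = encode(env[k]) }
  end
end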

# Normalizes a property for comparison: nil becomes "" and case is ignored.
def encode(value)
  value.to_s.downcase
end
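
The following stand-alone sketch is an added example, not rack-protection's own code. It replays the tracking check against a plain Hash session to show what the check accepts and rejects, including the limitation noted above that a request carrying identical tracked headers is indistinguishable from the owner's. `TRACKED`, `TRACKING_KEY`, `handle`, `demo` and the header values are assumptions constructed for the illustration.

```ruby
# Assumed stand-ins for options[:track] and options[:tracking_key].
TRACKED      = %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE].freeze
TRACKING_KEY = :tracking

def encode(value)
  value.to_s.downcase
end

# True when the request matches the stored fingerprint, or when no
# fingerprint exists yet and one is recorded from this request.
def accepts?(session, env)
  if session.include?(TRACKING_KEY)
    session[TRACKING_KEY].all? { |k, v| v == encode(env[k]) }
  else
    session[TRACKING_KEY] = TRACKED.each_with_object({}) { |k, h| h[k] = encode(env[k]) }
    true
  end
end

# Hypothetical wrapper for the documented reaction: empty the session on mismatch.
def handle(session, env)
  return :accepted if accepts?(session, env)
  session.clear
  :session_cleared
end

def demo
  session = { user_id: 42 } # constructed server-side session
  owner   = { "HTTP_USER_AGENT"      => "Mozilla/5.0 (X11) Firefox/115.0",
              "HTTP_ACCEPT_LANGUAGE" => "en-US" } # constructed request env
  r = {}
  r[:first]     = handle(session, owner)   # fingerprint recorded
  r[:repeat]    = handle(session, owner)   # same client, same headers
  # encode() downcases, so a case-only difference still matches.
  r[:case_only] = handle(session, owner.merge("HTTP_USER_AGENT" => owner["HTTP_USER_AGENT"].upcase))
  # Same cookie with every tracked header identical: the check cannot tell it apart.
  r[:copied_headers]  = handle(session, owner.dup)
  r[:kept_after_copy] = session[:user_id]
  # Same cookie from a client with a different user agent: session is emptied.
  r[:other_client]   = handle(session, owner.merge("HTTP_USER_AGENT" => "curl/8.4.0"))
  r[:after_mismatch] = session.dup
  r
end

p demo if __FILE__ == $0
```

Because the mismatch path clears the whole session, the stored fingerprint is dropped as well, so the next request on that session starts a fresh one.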