Class: Rack::Protection::SessionHijacking
- Defined in: lib/rack/protection/session_hijacking.rb
Overview
- Prevented attack: Session Hijacking
- Supported browsers: all
- More infos
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration can be spoofed, too, this will not prevent determined hijacking attempts.
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary
Methods inherited from Base
#call, #debug, #default_options, default_options, default_reaction, #deny, #drop_session, #encrypt, #html?, #initialize, #instrument, #origin, #random_string, #react, #referrer, #report, #safe?, #secure_compare, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
```ruby
# File 'lib/rack/protection/session_hijacking.rb', line 21
def accepts?(env)
  session = session env
  key = options[:tracking_key]
  if session.include? key
    # Later requests: every stored property must match the current request.
    session[key].all? { |k, v| v == encode(env[k]) }
  else
    # First request for this session: record the tracked properties.
    session[key] = {}
    options[:track].each { |k| session[key][k] = encode(env[k]) }
  end
end
```
#encode(value) ⇒ Object
```ruby
# File 'lib/rack/protection/session_hijacking.rb', line 32
def encode(value)
  # Normalise to a lowercase string so the comparison ignores case.
  value.to_s.downcase
end
```
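The check described in the overview, traced over a few requests. This is an added example, not code from rack-protection: it copies the logic of `#accepts?` and `#encode` into stand-alone functions, uses a plain Hash in place of the Rack session, and assumes the option values in `OPTIONS` and the constructed header values. `handle` and `demo` are hypothetical helpers.

```ruby
# Assumed option values for this illustration.
OPTIONS = { tracking_key: :tracking, track: %w[HTTP_USER_AGENT] }.freeze

def encode(value)
  value.to_s.downcase
end

# Same decision logic as #accepts? above, with the session passed in directly.
def accepts?(session, env, options = OPTIONS)
  key = options[:tracking_key]
  if session.include?(key)
    session[key].all? { |k, v| v == encode(env[k]) }
  else
    session[key] = {}
    # Array#each returns the array, so the first request is always accepted.
    options[:track].each { |k| session[key][k] = encode(env[k]) }
  end
end

# Models the behaviour the overview describes: empty the session on a mismatch.
def handle(session, env)
  return :accepted if accepts?(session, env)

  session.clear
  :session_dropped
end

def demo
  session = { user_id: 42 } # constructed session contents
  firefox = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0" # constructed value
  results = []
  # 1. First request: the user agent is recorded in the session.
  results << handle(session, { "HTTP_USER_AGENT" => firefox })
  # 2. Same value in different case: encode() downcases, so it still matches.
  results << handle(session, { "HTTP_USER_AGENT" => firefox.upcase })
  # 3. Only header values are compared, so any request carrying the same
  #    value passes; this is the limitation the overview points out.
  results << handle(session, { "HTTP_USER_AGENT" => firefox })
  # 4. A different user agent fails the check and the session is emptied.
  results << handle(session, { "HTTP_USER_AGENT" => "curl/8.4.0" })
  [results, session]
end

p demo if $PROGRAM_NAME == __FILE__
```

After the fourth request the session Hash is empty, so the tracking entry is gone as well and the next request starts a fresh fingerprint.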