Sha256: 5f723a3e4d5bf09326db38de2ba2e8c509f1ff93d7604547fe2172e9e608c991

Contents?: true

Size: 525 Bytes

Versions: 2

Compression:

Stored size: 525 Bytes

Contents

# frozen_string_literal: true

# NOTE: Provides the ability to refresh the session before sign_in, as protection against session fixation attacks.
# https://owasp.org/www-community/attacks/Session_fixation
module Aikotoba
  module Protection::SessionFixationAttack
    extend ActiveSupport::Concern

    def prevent_session_fixation_attack
      reflesh_session
    end

    private

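    # Copies the current session data, resets the session so that the
    # pre-login session ID is discarded, then restores the data into the
    # new session.
    def reflesh_session
      old_session = session.dup.to_hash
      reset_session
      old_session.each_pair { |k, v| session[k.to_sym] = v }
    end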
  end
end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
aikotoba-0.1.1 app/controllers/concerns/aikotoba/protection/session_fixation_attack.rb
aikotoba-0.1.0 app/controllers/concerns/aikotoba/protection/session_fixation_attack.rb