
require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Session Hijacking
    # Supported browsers:: all
    # More infos::         http://en.wikipedia.org/wiki/Session_hijacking
    #
    # Records a fingerprint of selected request headers (by default the user
    # agent and the accepted languages) in the session the first time it is
    # seen, and empties the session as soon as any of them differs on a later
    # request. This is aimed at cookie-theft tools of the Firesheep kind. A
    # thief who also copies the victim's headers is not stopped: every value
    # used here is chosen by the client, so this is a hurdle, not a guarantee.
    #
    # Options:
    #   :tracking_key     - session key under which the fingerprint is kept
    #   :encrypt_tracking - when true, store the superclass's encrypt() result
    #                       for each header instead of the plain value
    #   :track            - the Rack env keys whose values are fingerprinted
    class SessionHijacking < Base
      default_reaction :drop_session
      default_options :tracking_key => :tracking, :encrypt_tracking => true,
        :track => %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE]

      # Truthy when the request matches the fingerprint stored in the session,
      # or when no fingerprint exists yet (one is recorded for this request in
      # that case). False when any tracked header differs, which presumably
      # makes Base apply the :drop_session reaction declared above.
      #
      # NOTE(review): headers that legitimately change mid-session (a browser
      # update, a changed language preference) will end the session too.
      def accepts?(env)
        store = session(env)
        key   = options[:tracking_key]

        if store.include?(key)
          # The stored value is the Hash built below; all? yields each
          # [header, fingerprint] pair, which is recomputed from this request.
          store[key].all? { |header, fingerprint| fingerprint == encrypt(env[header]) }
        else
          # First request of this session: assign an empty hash first, then
          # fill it through the session so the store sees the same object.
          store[key] = {}
          options[:track].each { |header| store[key][header] = encrypt(env[header]) }
        end
      end

      # Normalises a header value (nil becomes "", case is ignored) and, unless
      # :encrypt_tracking is switched off, passes it to the superclass encrypt
      # (defined in Base, not shown here) so the session does not hold the raw
      # header text.
      def encrypt(value)
        normalized = value.to_s.downcase
        return normalized unless options[:encrypt_tracking]

        super(normalized)
      end
    end
  end
end
