
# frozen_string_literal: true

require 'rack/protection'

module Rack
  module Protection
    ##
    # Prevented attack::   Session Hijacking
    # Supported browsers:: all
    # More info::          http://en.wikipedia.org/wiki/Session_hijacking
    #
    # Tracks request properties like the user agent in the session and empties
    # the session if those properties change. This essentially prevents attacks
    # from Firesheep. Since all headers taken into consideration can be
    # spoofed, too, this will not prevent determined hijacking attempts.
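    class SessionHijacking < Base
      default_reaction :drop_session
      default_options tracking_key: :tracking,
                      track: %w[HTTP_USER_AGENT]

      # Compares the tracked request properties against the fingerprint kept
      # in the session under +options[:tracking_key]+.
      #
      # On the first request of a session (no fingerprint stored yet) the
      # current values of every env key listed in +options[:track]+ are
      # recorded and the request is accepted. On later requests the request is
      # accepted only if every recorded property still encodes to the same
      # value; any mismatch triggers the configured reaction (+:drop_session+
      # by default).
      #
      # @param env [Hash] the Rack environment
      # @return [Boolean] true when the request matches the stored fingerprint
      #   or no fingerprint existed yet, false on a mismatch
      def accepts?(env)
        session = session(env)
        key     = options[:tracking_key]

        if session.include?(key)
          # Only the keys recorded at fingerprint time are compared; a header
          # that was absent then and present now is not part of the check.
          session[key].all? { |k, v| v == encode(env[k]) }
        else
          # Build the fingerprint first and store it with a single top-level
          # assignment, rather than mutating a nested hash key by key, so the
          # session store sees one write of the complete value.
          session[key] = options[:track].each_with_object({}) do |k, fingerprint|
            fingerprint[k] = encode(env[k])
          end
          # A predicate should answer with a boolean, not the +track+ list
          # that +each+ would have returned.
          true
        end
      end

      # Normalizes a raw env value for comparison: +nil+ becomes the empty
      # string and case differences are ignored.
      #
      # @param value [Object] raw value from the Rack env (a String or nil)
      # @return [String] the lowercased string form of +value+
      def encode(value)
        value.to_s.downcase
      end
    end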
  end
end
