README.md in frikandel-2.0.0 vs README.md in frikandel-2.1.0

- old
+ new

@@ -1,8 +1,9 @@ # Frikandel [![Gem Version](https://badge.fury.io/rb/frikandel.png)](http://badge.fury.io/rb/frikandel) [![Build Status](https://api.travis-ci.org/taktsoft/frikandel.png)](https://travis-ci.org/taktsoft/frikandel) +[![Code Climate](https://codeclimate.com/github/taktsoft/frikandel.png)](https://codeclimate.com/github/taktsoft/frikandel) This gem aims to improve the security of your rails application. It allows you to add a TTL (Time To Live) to the session cookie and allows you to bind the session to an IP address. When the TTL expires or the IP address changes, the users session gets reset. This should help to make [session-fixation-attacks](http://guides.rubyonrails.org/security.html#session-fixation) harder to execute. @@ -69,11 +70,11 @@ The default values are `24.hours` for `max_ttl` and `2.hours` for `ttl`. If you are okay with this settings, you don't need to create an initializer for frikandel. ### Customize on_invalid_session behavior -You can also overwrite what should happen when a cookie times out on the controller-level. The default behaviour is to do a `reset_session` and `redirect_to root_path`. For example, if you want to overwrite the default behavior when a user is on the `PublicController`, you want to overwrite the `on_expired_session`-method in your controller: +You can also overwrite what should happen when a cookie times out on the controller-level. The default behaviour is to do a `reset_session` and `redirect_to root_path`. For example, if you want to overwrite the default behavior when a user is on the `PublicController`, you want to overwrite the `on_invalid_session`-method in your controller: ```ruby class PublicController < ApplicationController def on_invalid_session raise "Your Session Has Expired! Oh No!" 
@@ -89,10 +90,19 @@ end ``` ## Changes -2.0.0 Added IP address binding. Renamed callback from 'on_expired_session' to 'on_invalid_session'. +2.1.0 -- Reset session only once if using the combination of TTL and IP address binding. +2.0.0 -- Added IP address binding. Renamed callback from 'on_expired_session' to 'on_invalid_session'. + +## Test + +To run the test suite with different rails version by selecting the corresponding gemfile. You can use this one liners: + + $ BUNDLE_GEMFILE=Gemfile.rails-3.2.x bundle update && bundle exec rake spec + $ BUNDLE_GEMFILE=Gemfile.rails-4.0.x bundle update && bundle exec rake spec + $ BUNDLE_GEMFILE=Gemfile.rails-4.1.x bundle update && bundle exec rake spec ## Contributing 1. Fork it 2. Create your feature branch (git checkout -b my-new-feature) 3. Commit your changes (git commit -am 'Add some feature')
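Review bot: In the second hunk (the "Customize on_invalid_session behavior" section), the corrected sentence still says the callback covers what happens "when a cookie times out", while the README intro in this same diff says the session is reset "When the TTL expires or the IP address changes". Suggest wording it as "when a session becomes invalid (TTL expired or IP address changed)" and adjusting the example message "Your Session Has Expired! Oh No!", which is misleading for the IP-change case. The visible part of the example override only raises; since the text describes `reset_session` as part of the default behaviour being overwritten, the section should state whether an override has to call `reset_session` itself.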
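Review bot: In the new "## Test" section of the third hunk, `BUNDLE_GEMFILE=Gemfile.rails-3.2.x` is a per-command assignment, so it applies only to `bundle update`; the `bundle exec rake spec` after `&&` runs without it and, unless the variable is already exported, uses the default Gemfile instead of the selected Rails version. Repeat the variable in front of `bundle exec rake spec` or export it before the line, in all three one-liners. The introductory sentence is also a fragment ("To run the test suite with different rails version by selecting the corresponding gemfile."); suggest "To run the test suite against different Rails versions, select the corresponding Gemfile with one of these one-liners:".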