Class: Rack::Protection::SessionHijacking
- Defined in:
- lib/rack/protection/session_hijacking.rb
Overview
- Prevented attack
-
Session Hijacking
- Supported browsers
-
all
- More infos
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration might be spoofed, too, this will not prevent all hijacking attempts.
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
Methods inherited from Base
#call, #default_options, default_options, default_reaction, #deny, #drop_session, #initialize, #random_string, #react, #referrer, #safe?, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
20 21 22 23 24 25 26 27 28 29 |
# File 'lib/rack/protection/session_hijacking.rb', line 20 def accepts?(env) session = session env key = [:tracking_key] if session.include? key session[key].all? { |k,v| v == encrypt(env[k]) } else session[key] = {} [:track].each { |k| session[key][k] = encrypt(env[k]) } end end |
#encrypt(value) ⇒ Object
31 32 33 |
# File 'lib/rack/protection/session_hijacking.rb', line 31 def encrypt(value) [:encrypt_tracking] ? super(value) : value.to_s end |