Class: Rack::Protection::SessionHijacking
- Defined in:
- lib/rack/protection/session_hijacking.rb
Overview
- Prevented attack
-
Session Hijacking
- Supported browsers
-
all
- More infos
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration might be spoofed, too, this will not prevent all hijacking attempts.
Constant Summary
Constants inherited from Base
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary collapse
Methods inherited from Base
#call, #default_options, default_options, default_reaction, #deny, #drop_session, #initialize, #random_string, #react, #referrer, #safe?, #session, #session?, #warn
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
19 20 21 22 23 24 25 26 27 28 |
# File 'lib/rack/protection/session_hijacking.rb', line 19 def accepts?(env) session = session env key = [:tracking_key] if session.include? key session[key].all? { |k,v| v == encrypt(env[k]) } else session[key] = {} [:track].each { |k| session[key][k] = encrypt(env[k]) } end end |
#encrypt(value) ⇒ Object
30 31 32 |
# File 'lib/rack/protection/session_hijacking.rb', line 30 def encrypt(value) [:encrypt_tracking] ? super(value) : value.to_s end |