Class: Rack::Protection::SessionHijacking
| Relationships & Source Files | |
| Super Chains via Extension / Inclusion / Inheritance | |
|
Class Chain:
self,
Base
|
|
|
Instance Chain:
self,
Base
|
|
| Inherits: |
Rack::Protection::Base
|
| Defined in: | rack-protection/lib/rack/protection/session_hijacking.rb |
Overview
- Prevented attack
Session Hijacking
- Supported browsers
all
- More infos
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration can be spoofed, too, this will not prevent determined hijacking attempts.
Constant Summary
Base - Inherited
Class Method Summary
Base - Inherited
| .default_options | Used by subclasses to declare default values for options they require. |
| .default_reaction | Used by subclasses to declare default reaction when a request is rejected. |
| .new | |
Instance Attribute Summary
Instance Method Summary
Base - Inherited
| #accepts?, #call, #debug, #default_options, | |
| #default_reaction | Alias for Base#deny. |
| #deny | Deny the request. |
| #drop_session, #encrypt, #html?, #instrument, #origin, #random_string, #react, #referrer, | |
| #report | When used as a reaction (with option reaction: :report), any rejected request will be allowed through, and a warning is omitted (note that warnings will not be shown if the :logging option has been set to false). |
| #safe?, #secure_compare, #session, #session?, #warn | |
Constructor Details
This class inherits a constructor from Rack::Protection::Base
Instance Method Details
#accepts?(env) ⇒ Boolean
#encode(value)
[ GitHub ]# File 'rack-protection/lib/rack/protection/session_hijacking.rb', line 32
def encode(value) value.to_s.downcase end