class Rack::Protection::SessionHijacking
- Prevented attack: Session Hijacking
- Supported browsers: all
- More infos
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration can be spoofed, too, this will not prevent determined hijacking attempts.
Public Instance Methods
accepts?(env)
# File lib/rack/protection/session_hijacking.rb, line 19
def accepts?(env)
  session = session env
  key     = options[:tracking_key]
  if session.include? key
    # Later requests: every stored value must match the current request
    session[key].all? { |k,v| v == encrypt(env[k]) }
  else
    # First request for this session: record the tracked values
    session[key] = {}
    options[:track].each { |k| session[key][k] = encrypt(env[k]) }
  end
end
encrypt(value)
Calls superclass method Rack::Protection::Base#encrypt
# File lib/rack/protection/session_hijacking.rb, line 30
def encrypt(value)
  # Lowercase before comparing or hashing, so matching is case-insensitive
  value = value.to_s.downcase
  options[:encrypt_tracking] ? super(value) : value
end
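The check described above, modelled over a plain Hash session so it runs without Rack. This is an added example, not rack-protection's own code: the class name, the tracked header list, the tracking key and the use of SHA-256 for the digest are assumptions. It shows both the rejection on a changed header and the limitation the description states, that a request carrying the same header values is accepted.

```ruby
require 'digest'

# Stand-in for the accepts?/encrypt logic shown above; not the gem's code.
class FingerprintCheck
  TRACK = %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE].freeze # assumed header list
  KEY   = :tracking                                        # assumed tracking key

  def initialize(hash_values: true)
    @hash_values = hash_values
  end

  # Same normalisation as encrypt: to_s.downcase, then an optional digest.
  def fingerprint(value)
    value = value.to_s.downcase
    @hash_values ? Digest::SHA256.hexdigest(value) : value # SHA-256 is an assumption
  end

  # True when the request matches the stored values (or seeds them on first use).
  # On a mismatch the session is emptied, as the class description states.
  def call(session, env)
    unless session.key?(KEY)
      session[KEY] = TRACK.to_h { |k| [k, fingerprint(env[k])] }
      return true
    end
    return true if session[KEY].all? { |k, v| v == fingerprint(env[k]) }

    session.clear
    false
  end
end

# Constructed Rack env fragments.
OWNER   = { 'HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux) Firefox/115.0',
            'HTTP_ACCEPT_LANGUAGE' => 'en-GB' }.freeze
CHANGED = OWNER.merge('HTTP_USER_AGENT' => 'curl/8.4.0').freeze
COPIED  = OWNER.dup.freeze # different client sending identical header values

def demo
  check = FingerprintCheck.new
  session = { user_id: 42 }
  out = { first: check.call(session, OWNER), repeat: check.call(session, OWNER) }
  out[:copied]  = check.call(session, COPIED)  # passes: headers alone cannot tell clients apart
  out[:changed] = check.call(session, CHANGED) # fails and empties the session
  out.merge(session_after: session.dup)
end

p demo if $PROGRAM_NAME == __FILE__
```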