Comments (2)
Further note: our entire site is running off HTTPS as is. My fear is that, without the secure flag being set, the contents of the session can be sniffed over Wi-Fi. With this info, an attacker can just pop it into his session and remain logged into the site until expiry time.
from activerecord-session_store.
non-issue