I was wondering if anyone knows what the most secure user access plugin for Rails is, and if any of them prevent session fixation?
1 Answer
2
From the Ruby on Rails Security Guide: as long as you're using the reset_session command during the authentication process, you should be mitigating against session fixation attacks. In general, with a Rails app, if you're only creating the session when the user logs in and you're issuing a new session ID at that point, you shouldn't have too many problems with session fixation.
Rory McCune
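The answer's point, issuing a new session ID at login, can be checked with a small plain-Ruby model. This is an added example, not code from the answer or from Rails: `SessionStore`, `log_in` and `fixation_possible?` are hypothetical names, and `SessionStore#reset` only models what calling `reset_session` before storing the user ID achieves with a server-side session store.

```ruby
require "securerandom"

# Constructed in-memory model of a server-side session store (not Rails itself).
class SessionStore
  def initialize
    @sessions = {}
  end

  # Create an empty session and return its freshly generated ID.
  def create
    sid = SecureRandom.hex(16)
    @sessions[sid] = {}
    sid
  end

  # Look up session data by ID; nil when the ID is unknown.
  def fetch(sid)
    @sessions[sid]
  end

  # Models reset_session: discard the old session and issue a new ID.
  def reset(old_sid)
    @sessions.delete(old_sid)
    create
  end
end

# Hypothetical login handler. rotate: true mirrors calling reset_session
# before storing the user ID; rotate: false keeps the pre-login ID.
def log_in(store, sid, user_id, rotate:)
  sid = store.reset(sid) if rotate
  store.fetch(sid)[:user_id] = user_id
  sid
end

# True when an ID that was known before login maps to an authenticated
# session afterwards, which is the condition session fixation depends on.
def fixation_possible?(rotate:)
  store = SessionStore.new
  pre_login_sid = store.create # ID that existed (and may be known) before login
  log_in(store, pre_login_sid, 42, rotate: rotate) # 42 is a constructed user ID
  session = store.fetch(pre_login_sid)
  !session.nil? && session.key?(:user_id)
end
```

The same check works as a regression test in an application's own suite: record the session ID before authentication and assert that it is no longer valid afterwards.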