RubyGems Navigation menu

rack-deadline 1.0.1

rack-deadline is a simple rack middleware that automatically clears sessions that have been open too long (by default, 1 day). This is designed for use with cookie stores to mitigate the risk of session fixation, since it is impossible to invalidate older sessions with a pure cookie-based approach. It is impossible to enforce a deadline with the standard rack cookie session API. The expire_after setting is not part of the session itself (it's part of the cookie, and not cryptographically signed), and an attacker who has access to a previous cookie can just omit it when making a request. This stores a deadline inside the crytographically signed session, and once the deadline is passed, the session will no longer be valid.

Gemfile:
= In die Zwischenablage kopieren Kopiert!

installieren:
=

Versionen:

  1. 1.0.1 - January 27, 2015 (7,5 KB)
  2. 1.0.0 - January 28, 2014 (7,5 KB)

Besitzer:

Autoren:

  • Jeremy Evans

SHA 256-Prüfsumme:

68a919644604645ff72485acc157694dd1c95cabeb2066b1e6e2edfb45266894

Downloads insgesamt 5.597

Für diese Version 3.143

Lizenz:

MIT

Erforderliche Ruby-Version: >= 0

Links: