cjames

Reputation: 87

Session fixation under Rails

Because Rails stores the hash of every cookie to prevent tampering, is session fixation possible under the framework? How would an attacker change another user's session_id to match his own (which in turn alters the cookie) without destroying the integrity of this hash and invalidating the cookie? I'm fairly new to web security, so forgive my question if it's naive.

I'm assuming that XSS JavaScript can only alter the cookie client-side; maybe this is wrong.

Upvotes: 1

Views: 136

Answers (0)
