Merge branch 'master' of https://github.com/kotfu/docrails into kotfu…

…-master
commit 6308f1f0fc5d85963e90787190e1164da7ac364e 2 parents 2025775 + 1ef9ddd
@asanghi asanghi authored
Showing with 1 addition and 1 deletion.
  1. +1 −1  railties/guides/source/security.textile
2  railties/guides/source/security.textile
@@ -166,7 +166,7 @@ end
The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:
<ruby>
-delete_all "updated_at < '#{time.to_s(:db)}' OR
+delete_all "updated_at < '#{time.ago.to_s(:db)}' OR
created_at < '#{2.days.ago.to_s(:db)}'"
</ruby>
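Review bot: On the changed line the cutoff is still interpolated straight into the SQL string ('#{time.ago.to_s(:db)}'), which is a poor pattern to model in a security guide even though both values are generated server-side. Consider the placeholder form, for example delete_all ["updated_at < ? OR created_at < ?", time.ago, 2.days.ago], so readers copy the parameterized habit. Separately, time.ago only works when time is a duration rather than a Time; the sweep method the text points to is outside this hunk, so confirm its argument matches. The absolute lifetime of 2.days is also hard-coded while the idle cutoff is a variable, and the prose ("created a long time ago") never states that limit; a sentence naming it would help.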