Fixed typo in code for Session Expiry

1 parent 4808875 commit 6f6a24eaa821d02bb377b809ef58b17730193846 @kotfu kotfu committed with fxn
Showing with 1 addition and 1 deletion.
  1. +1 −1 railties/guides/source/security.textile
2 railties/guides/source/security.textile
@@ -166,7 +166,7 @@ end
The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:
<ruby>
-delete_all "updated_at < '#{time.to_s(:db)}' OR
+delete_all "updated_at < '#{time.ago.to_s(:db)}' OR
created_at < '#{2.days.ago.to_s(:db)}'"
</ruby>
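Review bot: On the changed `updated_at` line, `time.ago` assumes `time` is a duration or a number of seconds (as `2.days` is on the following line), and the paragraph above the snippet does not say so; a sentence stating what `time` holds in the sweep method would keep readers from passing a timestamp here. Separately, both cutoffs are interpolated straight into the SQL string. The values are generated server-side, but since this is the security guide it would set a better example to use the placeholder form, for instance `delete_all ["updated_at < ? OR created_at < ?", time.ago, 2.days.ago]`. The `2.days` absolute lifetime is also hard-coded; consider noting in the text that it should be tuned to the application.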
