Please sign in to comment.
New integrations tests for #2016 - Fix for session ID fixation issue in
ActiveRecord::SessionStore These new tests make sure that an invalid session ID is never materialized into a new session, regardless of whether it comes in via a cookie or a URL parameter (when :cookie_only => false).
- Loading branch information...
Showing with 31 additions and 0 deletions.