
make session hijacking middleware ignore case, fixes #11

1 parent 4a771b6 commit ec001e263810ef52e93ced754ff3dc0a0cea43d4 @rkh rkh committed
Showing with 16 additions and 1 deletion.
  1. +2 −1 lib/rack/protection/session_hijacking.rb
  2. +14 −0 spec/session_hijacking_spec.rb
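--- a/lib/rack/protection/session_hijacking.rb
+++ b/lib/rack/protection/session_hijacking.rb
@@ -28,7 +28,8 @@ def accepts?(env)
 end
 def encrypt(value)
-options[:encrypt_tracking] ? super(value) : value.to_s
+value = value.to_s.downcase
+options[:encrypt_tracking] ? super(value) : value
 end
 end
 end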
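Review bot: `encrypt` is the common path for every tracked value, so the added `value = value.to_s.downcase` makes the whole hijacking fingerprint case-insensitive rather than only the Accept-Language comparison that the title and #11 describe (the other tracked headers are outside this hunk; the spec's Version-header example suggests there are several). That is a deliberate weakening of the fingerprint and worth stating at the line itself, e.g. `# Accept-Language casing varies between requests from one client (#11); all tracked values are compared case-insensitively.` Because the downcased string is now what `super(value)` receives when `encrypt_tracking` is set, sessions created before this change whose stored tracking value contains uppercase characters will presumably fail to match on their next request and be cleared once, so deployers should expect a one-time logout unless the stored fingerprint is recomputed. Reassigning the parameter works, but a fresh local such as `normalized = value.to_s.downcase` reads more clearly. The enclosing class begins before this hunk.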
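--- a/spec/session_hijacking_spec.rb
+++ b/spec/session_hijacking_spec.rb
@@ -31,6 +31,20 @@
 session.should be_empty
 end
+it "accepts requests with the same Accept-Language header" do
+session = {:foo => :bar}
+get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+session.should_not be_empty
+end
+
+it "comparison of Accept-Language header is not case sensitive" do
+session = {:foo => :bar}
+get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'a'
+get '/', {}, 'rack.session' => session, 'HTTP_ACCEPT_LANGUAGE' => 'A'
+session.should_not be_empty
+end
+
 it "accepts requests with a changing Version header"do
 session = {:foo => :bar}
 get '/', {}, 'rack.session' => session, 'HTTP_VERSION' => '1.0'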
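Review bot: Both new examples are positive cases only; the case-insensitivity example (`'a'` then `'A'`) would also pass against a middleware that stopped tracking Accept-Language altogether, so unless a negative Accept-Language example already exists above this hunk, add one that sends `'a'` then `'b'` and asserts `session.should be_empty` so the downcase fix is pinned rather than masked. The examples also run only under whatever `encrypt_tracking` setting the spec's app uses, so the downcase-before-`super` ordering in the encrypted path is presumably not exercised here; a second example with that option enabled would cover it.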
