v1.16.0
Security
- Clearance users can now help prevent session fixation attacks by setting
  `Clearance.configuration.rotate_csrf_on_sign_in` to `true`. This will cause
  the user's CSRF token to be rotated on sign in and is recommended for all
  Clearance applications. This setting will default to `true` in Clearance 2.0.
  Clearance will emit a warning on each sign in until this configuration setting
  is explicitly set to `true` or `false`.
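
The effect of this setting, shown as an added example that is not Clearance's own code: a small Ruby model in which a CSRF token issued before sign in stays valid afterwards unless it is rotated. The `ModelSession` class and the `pre_sign_in_token_survives?` helper are hypothetical names, and the model assumes the token is kept in the session under `:_csrf_token`, as Rails does.

```ruby
require "securerandom"

# In an application the setting is enabled in the Clearance initializer:
#   Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
# The model below only mirrors the effect; names are hypothetical.
class ModelSession
  attr_reader :user_id

  def initialize
    @data = {}
    @user_id = nil
  end

  # Returns the session's CSRF token, generating one on first use.
  def csrf_token
    @data[:_csrf_token] ||= SecureRandom.base64(32)
  end

  # Signs a user in. With rotate_csrf set, the pre-authentication token is
  # discarded and a fresh one is issued for the authenticated session.
  def sign_in(user_id, rotate_csrf:)
    @user_id = user_id
    @data.delete(:_csrf_token) if rotate_csrf
    csrf_token
  end

  # Compares a submitted token with the session's token without early exit.
  def valid_csrf_token?(submitted)
    expected = csrf_token
    return false unless submitted.bytesize == expected.bytesize
    submitted.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# True if a token issued before sign in is still accepted afterwards.
def pre_sign_in_token_survives?(rotate_csrf:)
  session = ModelSession.new
  token_before = session.csrf_token # token handed out before authentication
  session.sign_in(42, rotate_csrf: rotate_csrf) # 42 is a constructed user id
  session.valid_csrf_token?(token_before)
end

if __FILE__ == $PROGRAM_NAME
  puts "rotation off, old token accepted: #{pre_sign_in_token_survives?(rotate_csrf: false)}"
  puts "rotation on,  old token accepted: #{pre_sign_in_token_survives?(rotate_csrf: true)}"
end
```

The same check makes a useful regression test in a real application: capture the token before sign in and assert that it is rejected afterwards.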