kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge branch 'master' of https://github.com/kotfu/docrails into kotfu-master

Browse source
This commit is contained in:
Aditya Sanghi 2010-11-29 21:40:39 +05:30
commit 6308f1f0fc
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
railties/guides/source/security.textile
View file

@ -166,7 +166,7 @@ end
The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:
<ruby>
delete_all "updated_at < '#{time.to_s(:db)}' OR
delete_all "updated_at < '#{time.ago.to_s(:db)}' OR
created_at < '#{2.days.ago.to_s(:db)}'"
</ruby>