gitlab-org--gitlab-foss/app/controllers/profiles/active_sessions_controller.rb
Imre Farkas 038d530565
Remove ability to revoke active session
Session ID is used as a parameter for the revoke session endpoint but it
should never be included in the HTML as an attacker could obtain it via
XSS.
2019-02-27 11:45:27 +01:00

7 lines
203 B
Ruby

# frozen_string_literal: true

class Profiles::ActiveSessionsController < Profiles::ApplicationController
  def index
    @sessions = ActiveSession.list(current_user).reject(&:is_impersonated)
  end
end
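
The commit message's concern is that a revoke endpoint keyed on the session ID forces that ID into the page markup. The sketch below is an added example, not GitLab's code: it shows one way a sessions page can reference sessions through a keyed one-way handle so the raw ID never reaches the HTML. `SessionStore`, `public_handle`, `list_for`, `revoke` and the sample users and addresses are hypothetical names constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical in-memory session store, constructed for this example.
class SessionStore
  def initialize(handle_key)
    @handle_key = handle_key # server-side secret, never rendered
    @sessions = {}           # raw session id => metadata
  end

  # Creates a session and returns the raw id (cookie value only).
  def create(user, ip)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: user, ip: ip }
    sid
  end

  # Opaque handle for markup: HMAC of the session id under a server key.
  # It cannot be used as a session cookie and does not reveal the id.
  def public_handle(sid)
    OpenSSL::HMAC.hexdigest('SHA256', @handle_key, sid)
  end

  # Data the sessions page may render: handle and metadata, no raw id.
  def list_for(user)
    @sessions.select { |_, meta| meta[:user] == user }
             .map { |sid, meta| { handle: public_handle(sid), ip: meta[:ip] } }
  end

  # Revokes by handle, searching only the requesting user's sessions.
  def revoke(user, handle)
    match = @sessions.find do |sid, meta|
      meta[:user] == user && public_handle(sid) == handle
    end
    return false unless match

    @sessions.delete(match.first)
    true
  end

  # True if the value is a live raw session id.
  def valid?(sid)
    @sessions.key?(sid)
  end
end
```
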