author | Aditya Sanghi <asanghi@me.com> | 2010-11-29 21:40:39 +0530 |
---|---|---|
committer | Aditya Sanghi <asanghi@me.com> | 2010-11-29 21:40:39 +0530 |
commit | 6308f1f0fc5d85963e90787190e1164da7ac364e (patch) | |
tree | a2b8a7f2ca91309fc1a73d51765cc4a9f4c31c9d | |
parent | 2025775adb12371456d987d229513912c6381cc6 (diff) | |
parent | 1ef9ddde90a6a10099faecc93542335c437cfb09 (diff) | |
download | rails-6308f1f0fc5d85963e90787190e1164da7ac364e.tar.gz rails-6308f1f0fc5d85963e90787190e1164da7ac364e.tar.bz2 rails-6308f1f0fc5d85963e90787190e1164da7ac364e.zip |
Merge branch 'master' of https://github.com/kotfu/docrails into kotfu-master
-rw-r--r-- | railties/guides/source/security.textile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 5b24d8c8e3..528c8861d4 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -166,7 +166,7 @@ end The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: <ruby> -delete_all "updated_at < '#{time.to_s(:db)}' OR +delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'" </ruby> |
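Review bot: In the changed `delete_all` line, both cutoffs are still built by interpolating values into the SQL string; since this is the security guide, consider showing the bind-parameter form instead, e.g. `delete_all ["updated_at < ? OR created_at < ?", time.ago, 2.days.ago]`, so readers do not carry the interpolation pattern into code where the value is less controlled. The `time.ago` fix also depends on `time` being a duration at this point, which is set up in the sweep method outside this hunk and is worth confirming there. Finally, the `created_at` limit is hard-coded to `2.days` while the `updated_at` cutoff is a parameter; a sentence in the paragraph stating that `2.days` is the absolute session lifetime would explain the asymmetry.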