diff options
| author | प्रथमेश Sonpatki <csonpatki@gmail.com> | 2017-09-13 12:32:48 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-13 12:32:48 +0530 |
| commit | 770970fbe226dd70f96cbc15de56da075cd5a50f (patch) | |
| tree | fb5c6857b78a09e6dc8c010ed4e1be2fe3022d9e /guides/source/security.md | |
| parent | 5af7d475c8cd7d3dbffca7452f3dcb221896e8e5 (diff) | |
| parent | 70bb0cc2ec9ab13f362a2cc9d414c8622c74e796 (diff) | |
| download | rails-770970fbe226dd70f96cbc15de56da075cd5a50f.tar.gz rails-770970fbe226dd70f96cbc15de56da075cd5a50f.tar.bz2 rails-770970fbe226dd70f96cbc15de56da075cd5a50f.zip | |
Merge pull request #30587 from ydakuka/fix-created-at
Fix created_at [ci skip]
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index d0d7e12b0a..882daa9806 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -189,7 +189,7 @@ class Session < ApplicationRecord end ``` -The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: +The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a `created_at` column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: ```ruby delete_all "updated_at < '#{time.ago.to_s(:db)}' OR |