author Jon Leighton <j@jonathanleighton.com> 2010-12-12 09:55:32 +0000
committer Jon Leighton <j@jonathanleighton.com> 2010-12-12 09:55:32 +0000
commit 9a98c766e045aebc2ef6d5b716936b73407f095d
tree 899834482c828f31a89ebc7bb6e19cbe0b5f18d3 /railties/guides/source/security.textile
parent 3a7f43ca6ecf1735e1a82d4a68ac8f62b5cf2fcf
parent 307443972c5f6de959a5401eec76ca327484b10c
Merge branch 'master' into nested_has_many_through
Conflicts:
    activerecord/CHANGELOG
    activerecord/lib/active_record/associations/class_methods/join_dependency.rb
    activerecord/lib/active_record/associations/class_methods/join_dependency/join_association.rb
    activerecord/lib/active_record/associations/has_many_through_association.rb
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- railties/guides/source/security.textile 2
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 5b24d8c8e3..528c8861d4 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -166,7 +166,7 @@ end
The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:
<ruby>
-delete_all "updated_at < '#{time.to_s(:db)}' OR
+delete_all "updated_at < '#{time.ago.to_s(:db)}' OR
created_at < '#{2.days.ago.to_s(:db)}'"
</ruby>
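Review bot: on the `+` line, `time.ago` only gives a sensible cutoff if `time` is a duration like the `2.days` on the following line, and the sweep method that supplies `time` is outside this hunk, so the surrounding prose should say explicitly that `time` is a duration and not a Time or a string. Separately, both cutoffs are still interpolated into the SQL string; because this is the security guide, consider the bind form `delete_all ["updated_at < ? OR created_at < ?", time.ago, 2.days.ago]` so the example does not model string-built SQL for readers who later pass in a value they do not control. The two-day `created_at` limit is also hard-coded in the line; a sentence noting that it is the absolute session lifetime and should be tuned per application would help.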