diff options
author | Jared Crapo <jared@kotfu.net> | 2010-10-21 11:56:36 -0700 |
---|---|---|
committer | Jared Crapo <jared@kotfu.net> | 2010-10-21 11:56:36 -0700 |
commit | 1ef9ddde90a6a10099faecc93542335c437cfb09 (patch) | |
tree | 571a827becc2e1d11f244213d84d99bc88856f4f /railties/guides/source/security.textile | |
parent | a04b2131de72c03d9b2568c282585629e08bb692 (diff) | |
download | rails-1ef9ddde90a6a10099faecc93542335c437cfb09.tar.gz rails-1ef9ddde90a6a10099faecc93542335c437cfb09.tar.bz2 rails-1ef9ddde90a6a10099faecc93542335c437cfb09.zip |
Fixed typo in code for Session Expiry
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- | railties/guides/source/security.textile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 4656cf4e40..e2103959ac 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -166,7 +166,7 @@ end The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: <ruby> -delete_all "updated_at < '#{time.to_s(:db)}' OR +delete_all "updated_at < '#{time.ago.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'" </ruby> |