diff options
Diffstat (limited to 'guides/source')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index d0d7e12b0a..882daa9806 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -189,7 +189,7 @@ class Session < ApplicationRecord end ``` -The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: +The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a `created_at` column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above: ```ruby delete_all "updated_at < '#{time.ago.to_s(:db)}' OR |