From 1ef9ddde90a6a10099faecc93542335c437cfb09 Mon Sep 17 00:00:00 2001
From: Jared Crapo <jared@kotfu.net>
Date: Thu, 21 Oct 2010 11:56:36 -0700
Subject: Fixed typo in code for Session Expiry

---
 railties/guides/source/security.textile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/guides')

diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 4656cf4e40..e2103959ac 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -166,7 +166,7 @@ end
 The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:
 
 <ruby>
-delete_all "updated_at < '#{time.to_s(:db)}' OR
+delete_all "updated_at < '#{time.ago.to_s(:db)}' OR
   created_at < '#{2.days.ago.to_s(:db)}'"
 </ruby>
 
-- 
cgit v1.2.3