Categories: None [Edit]
rack-deadline
rack-deadline is a simple rack middleware that automatically
clears sessions that have been open too long (by default,
1 day).
This is designed for use with cookie stores to mitigate the
risk of session fixation, since it is impossible to invalidate
older sessions with a pure cookie-based approach.
It is impossible to enforce a deadline with the standard rack
cookie session API. The expire_after setting is not part of the
session itself (it's part of the cookie, and not cryptographically
signed), and an attacker who has access to a previous cookie can
just omit it when making a request.
This stores a deadline inside the crytographically signed session,
and once the deadline is passed, the session will no longer be valid.
Total
Ranking: 111,873 of 183,471
Downloads: 5,854
Daily
Ranking: 61,367 of 183,459
Downloads: 0
Downloads Trends
Ranking Trends
Num of Versions Trends
Popular Versions (Major)
Popular Versions (Major.Minor)
Depended by
Rank | Downloads | Name |
---|
Depends on
Rank | Downloads | Name |
---|
Owners
# | Gravatar | Handle |
---|---|---|
1 | jeremyevans |