rack-deadline

https://rubygems.org/gems/rack-deadline
https://github.com/jeremyevans/rack-deadline
rack-deadline is a simple Rack middleware that automatically clears sessions that have been open too long (by default, 1 day). It is designed for use with cookie stores to mitigate the risk of session fixation, since it is impossible to invalidate older sessions with a pure cookie-based approach. It is also impossible to enforce a deadline with the standard Rack cookie session API: the expire_after setting is not part of the session itself (it is part of the cookie, and not cryptographically signed), so an attacker who has access to a previous cookie can simply omit it when making a request. rack-deadline instead stores a deadline inside the cryptographically signed session, and once the deadline has passed, the session is no longer valid.

Total

Ranking: 111,873 of 183,471
Downloads: 5,854

Daily

Ranking: 61,367 of 183,459
Downloads: 0

Depended by

Rank | Downloads | Name

Depends on

Rank | Downloads | Name

Owners

# | Handle
1 | jeremyevans