A few days back there was big news in a renowned German IT forum that Rails session cookies can be stolen. In principle that is right, since the server has no way to terminate a cookie or a session associated with a cookie.
Coming from Java, where server-side sessions have an idle session timeout (default 30 min) and as a developer I do not need to do anything to enforce this!!! It would be great if these encrypted cookies had a built-in TTL; with that, stealing of cookies has less impact and overall the application itself gets some nice extra security - per default.
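The idle timeout the post asks for can be enforced in application code until the cookie store itself carries a TTL: stamp the session on every request and discard it when the stamp is older than the idle window. The following is an added example, not code from the post or from Rails itself; it is plain Ruby so it runs without Rails, and the module name, the `last_seen_at` key and the 30-minute window are assumptions (the window mirrors the Java default mentioned above).

```ruby
# Added example: server-side idle timeout for a cookie-based session.
# The cookie's Expires attribute is honoured only by the browser, so a copied
# cookie is not limited by it; the timestamp kept inside the (encrypted,
# signed) session payload is checked by the server on every request instead.
module SessionTtl
  IDLE_TIMEOUT = 30 * 60   # seconds; assumption, mirrors the Java default
  KEY = :last_seen_at      # assumed key stored inside the session hash

  # True when the session has no stamp at all (e.g. a session minted before
  # this check was deployed) or when the idle window has elapsed.
  def self.expired?(session, now: Time.now)
    last = session[KEY]
    return true if last.nil?
    now.to_i - Integer(last) > IDLE_TIMEOUT
  end

  # Run once per request. Returns :ok after refreshing the stamp (sliding
  # window), or :expired after wiping the session, including user_id, and
  # starting a fresh, anonymous one.
  def self.enforce!(session, now: Time.now)
    if session.empty?            # brand-new visitor: just start the clock
      session[KEY] = now.to_i
      return :ok
    end
    if expired?(session, now: now)
      session.clear
      session[KEY] = now.to_i
      return :expired
    end
    session[KEY] = now.to_i
    :ok
  end
end

# Wiring in a Rails app (not executed here; the session object there offers
# the same [], []=, clear and empty? used above):
#
#   class ApplicationController < ActionController::Base
#     before_action do
#       redirect_to login_path if SessionTtl.enforce!(session) == :expired
#     end
#   end
```

An absolute lifetime (a `created_at` stamp compared against a hard cap) can be added the same way; the sliding window alone lets an actively used stolen cookie stay valid.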