Closed jkowens closed 8 years ago
Mitigate malicious session cookies set on a subdomain from being read by the parent domain. Resolves sinatra/sinatra#1155.
I've set the default reaction to deny the request, but I've added a method so that it could be configured to redirect as described in the GitHub blog.
use Rack::Protection::CookieTossing, :reaction => :redirect
There is also an option to set the session cookie name (the default is rack.session):
use Rack::Protection::CookieTossing, :session_key => '_session'
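As an added example (not the PR's code and not Rack::Protection's own implementation; the class and method names are hypothetical), here is a minimal Rack-style middleware that applies the same idea the PR describes: it parses the raw Cookie header without collapsing duplicates, and if the session cookie name appears more than once it either denies the request or, in :redirect mode, expires the session cookie on every path prefix of the request path and reloads the page. It uses only the Ruby standard library, so it runs without the rack gem; the env hashes in the demo are constructed by hand.

```ruby
# Added example: a cookie-tossing guard in the shape of a Rack middleware.
# Hypothetical names (CookieTossingGuard etc.); not rack-protection's code.
class CookieTossingGuard
  EXPIRED = 'Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0'.freeze

  def initialize(app, session_key: 'rack.session', reaction: :deny)
    @app = app
    @session_key = session_key
    @reaction = reaction
  end

  # Parse the Cookie header into [name, value] pairs, keeping duplicates.
  # A Hash-based parser would silently pick one of the two session cookies,
  # which is exactly what a tossed cookie relies on.
  def self.parse_cookies(header)
    return [] if header.nil? || header.strip.empty?
    header.split(/;\s*/).map do |pair|
      name, value = pair.split('=', 2)
      [name.to_s.strip, value.to_s]
    end.reject { |name, _| name.empty? }
  end

  def self.session_cookie_count(header, session_key)
    parse_cookies(header).count { |name, _| name == session_key }
  end

  # Every path prefix a tossed cookie could have been scoped to, so the
  # expiry cookies cover '/', '/account' and '/account/settings' for that path.
  def self.path_prefixes(path)
    segments = path.to_s.split('/').reject(&:empty?)
    ['/'] + segments.each_index.map { |i| '/' + segments[0..i].join('/') }
  end

  # Browsers send the cookie with the more specific Path first (RFC 6265 5.4),
  # so a subdomain-set cookie on a deeper path tends to shadow the real one.
  # We do not try to guess which is legitimate; two of them is the signal.
  def tossed?(env)
    self.class.session_cookie_count(env['HTTP_COOKIE'], @session_key) > 1
  end

  def call(env)
    return @app.call(env) unless tossed?(env)
    @reaction == :redirect ? redirect(env) : deny
  end

  private

  def deny
    [400, { 'Content-Type' => 'text/plain' }, ['Bad Request']]
  end

  # Expire the session cookie on every prefix path, then reload the same URL.
  # Rack 2 joins multiple Set-Cookie values with a newline; Rack 3 also
  # accepts an Array, so adjust for the version you run on.
  def redirect(env)
    path = env['PATH_INFO'].to_s
    cookies = self.class.path_prefixes(path).map do |p|
      "#{@session_key}=; Path=#{p}; #{EXPIRED}"
    end
    headers = {
      'Location' => path,
      'Content-Type' => 'text/plain',
      'Set-Cookie' => cookies.join("\n")
    }
    [302, headers, []]
  end
end

if $PROGRAM_NAME == __FILE__
  app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
  # Constructed request: a tossed rack.session from a subdomain plus the real one.
  env = { 'HTTP_COOKIE' => 'rack.session=evil; rack.session=real', 'PATH_INFO' => '/account/settings' }
  p CookieTossingGuard.new(app).call(env)[0]
  p CookieTossingGuard.new(app, reaction: :redirect).call(env)[1]['Set-Cookie']
end
```

The redirect branch only clears cookies whose Domain attribute matches what this response sets (none here, so host-only cookies); a tossed cookie set with an explicit Domain attribute needs a matching Domain on the expiry cookie, and a cookie scoped to a path that is not a prefix of the current request path will not be cleared at all, which is why deny is the safer default.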
@jkowens Thank you!