Open toraritte opened 6 years ago
From the documentation:
Configures the session. Options :renew - generates a new session id for the cookie :drop - drops the session, a session cookie will not be included in the response :ignore - ignores all changes made to the session in this request cycle
Configures the session.
:renew
:drop
:ignore
Does this mean that a new session_id is generated on each request? Or how else would it be able to prevent fixation attacks?
From the documentation:
Does this mean that a new session_id is generated on each request? Or how else would it be able to prevent fixation attacks?