Class Brakeman::CheckSessionSettings
In: lib/brakeman/checks/check_session_settings.rb
Parent: Brakeman::BaseCheck

Checks for session key length and http_only settings

Methods

Public Class methods

Public Instance methods

Looks for ActionController::Base.session = { … } in Rails 2.x apps, and App::Application.config.secret_token = in Rails 3.x apps, and App::Application.config.secret_key_base = in Rails 4.x apps

Looks for Rails3::Application.config.session_store :cookie_store, { … } in Rails 3.x apps
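
The kind of finding this check reports, as an added example that is not Brakeman's own code (Brakeman analyzes the parsed Ruby source rather than raw text). It is a simplified regex scan for the settings named above; the 30-character minimum, the method name audit_session_settings, and both sample configurations are assumptions made for this example.

```ruby
# Added illustration, not Brakeman's code: a regex scan over initializer text.
MIN_SECRET_LENGTH = 30 # assumed threshold for this example

# One pattern per setting named above; group 1 captures a string-literal secret.
SECRET_PATTERNS = {
  "session :secret (Rails 2.x)" => /\.session\s*=\s*\{[^}]*:secret\s*=>\s*["']([^"']*)["']/m,
  "secret_token (Rails 3.x)"    => /\.config\.secret_token\s*=\s*["']([^"']*)["']/,
  "secret_key_base (Rails 4.x)" => /\.config\.secret_key_base\s*=\s*["']([^"']*)["']/
}.freeze

# http_only switched off, in either hash syntax (:session_http_only or :httponly).
HTTP_ONLY_OFF = /\b(?:session_)?http_?only\s*(?:=>|:)\s*false\b/

# Returns an array of finding strings for one file's source text.
def audit_session_settings(source)
  findings = []
  SECRET_PATTERNS.each do |label, pattern|
    source.scan(pattern).flatten.each do |secret|
      next if secret.length >= MIN_SECRET_LENGTH
      findings << "#{label}: secret shorter than #{MIN_SECRET_LENGTH} characters"
    end
  end
  findings << "session cookie: http_only disabled" if source.match?(HTTP_ONLY_OFF)
  findings
end

# Constructed sample: short literal secret, cookie readable from JavaScript.
WEAK_CONFIG = <<~'RUBY'
  App::Application.config.secret_token = "short-secret"
  Rails3::Application.config.session_store :cookie_store, { :key => "_app_session", :httponly => false }
RUBY

# Constructed sample: secret read from the environment, http_only left on.
HARDENED_CONFIG = <<~'RUBY'
  App::Application.config.secret_key_base = ENV["SECRET_KEY_BASE"]
  Rails3::Application.config.session_store :cookie_store, { :key => "_app_session", :httponly => true }
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "weak:", audit_session_settings(WEAK_CONFIG)
  puts "hardened:", audit_session_settings(HARDENED_CONFIG).inspect
end
```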
