Class | Brakeman::CheckSessionSettings
In: | lib/brakeman/checks/check_session_settings.rb
Parent: | Brakeman::BaseCheck
Checks for session key length and http_only settings.

Looks for ActionController::Base.session = { … } in Rails 2.x apps,
App::Application.config.secret_token = in Rails 3.x apps,
and App::Application.config.secret_key_base = in Rails 4.x apps.
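
The three assignment forms above, audited by a small regex-based sketch. This is an added example, not Brakeman's own code, and it matches text instead of walking the parse tree. Assumptions: the 30-character minimum, the option names `:session_http_only` and `:httponly`, the helper name `audit_session_settings`, and the constructed `DemoApp` samples.

```ruby
# Added example: a regex sketch, not Brakeman's own check.
MIN_SECRET_LENGTH = 30 # assumed minimum for this example, not taken from the page

QUOTED = /(?<q>['"])(?<value>.*?)\k<q>/

# [label, pattern locating the assignment, pattern extracting a literal secret]
FORMS = [
  ["Rails 2.x session hash",
   /ActionController::Base\.session\s*=\s*\{(?<body>.*?)\}/m,
   /:secret\s*=>\s*#{QUOTED}/],
  ["Rails 3.x secret_token",
   /\.config\.secret_token\s*=\s*(?<body>[^\n]+)/,
   /\A#{QUOTED}/],
  ["Rails 4.x secret_key_base",
   /\.config\.secret_key_base\s*=\s*(?<body>[^\n]+)/,
   /\A#{QUOTED}/]
].freeze

# Option names are assumptions; the page only says "http_only".
HTTP_ONLY_OFF = /:(?:session_http_only|httponly)\s*=>\s*false\b/

def audit_session_settings(source)
  findings = []
  FORMS.each do |label, assignment, literal|
    source.scan(assignment) do |(body)|
      secret = body.match(literal)
      # Only literal strings are measured; ENV lookups and method calls are skipped.
      next unless secret && secret[:value].length < MIN_SECRET_LENGTH
      findings << { form: label, issue: :short_secret, length: secret[:value].length }
    end
  end
  findings << { form: "session options", issue: :http_only_disabled } if source.match?(HTTP_ONLY_OFF)
  findings
end

# Constructed sample inputs (hypothetical DemoApp, not from any real project).
SAMPLE_RAILS2 = <<~'RUBY'
  ActionController::Base.session = {
    :key => '_demo_session',
    :secret => 'tooshort',
    :session_http_only => false
  }
RUBY
SAMPLE_RAILS3 = "DemoApp::Application.config.secret_token = 'abc123'\n"
SAMPLE_RAILS4_ENV = "DemoApp::Application.config.secret_key_base = ENV[\"SECRET_KEY_BASE\"]\n"
```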