Class | Rack::Protection::CookieTossing |
In: | lib/rack/protection/cookie_tossing.rb |
Parent: | Base |
Prevented attack: | Cookie Tossing |
Supported browsers: | all |
More info: | github.com/blog/1466-yummy-cookies-across-domains |
Does not accept HTTP requests if the HTTP_COOKIE header contains more than one session cookie. This does not protect against a cookie overflow attack.
Options:
session_key: | The name of the session cookie (default: ‘rack.session’) |
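
The check described above, as an added stand-alone Ruby sketch (not the code in lib/rack/protection/cookie_tossing.rb): it counts cookies named `session_key` in the raw `HTTP_COOKIE` value and refuses the request when there is more than one. The `SingleSessionCookie` class, the helper names, the 403 response and the sample headers are assumptions made for this example.

```ruby
# Added example, standard library only; not rack-protection's implementation.
SESSION_KEY = 'rack.session' # default session_key from the Options table

# Split a raw Cookie header into [name, value] pairs, keeping duplicates.
# A Hash-based cookie parser would collapse the duplicates we want to see.
def cookie_pairs(header)
  header.to_s.split(/;\s*/).each_with_object([]) do |pair, out|
    name, value = pair.strip.split('=', 2)
    next if name.nil? || name.empty?
    out << [name, value.to_s]
  end
end

# Number of cookies in the header whose name is exactly the session key.
def session_cookie_count(header, session_key = SESSION_KEY)
  cookie_pairs(header).count { |name, _value| name == session_key }
end

# The documented rule: do not accept a request carrying more than one
# session cookie. A missing Cookie header is accepted.
def accepts?(env, session_key = SESSION_KEY)
  session_cookie_count(env['HTTP_COOKIE'], session_key) <= 1
end

# Hypothetical Rack-style middleware wrapping the check. The 403 status
# is an assumption of this example, not taken from the page.
class SingleSessionCookie
  def initialize(app, session_key: SESSION_KEY)
    @app = app
    @session_key = session_key
  end

  def call(env)
    return @app.call(env) if accepts?(env, @session_key)
    [403, { 'content-type' => 'text/plain' }, ["Forbidden\n"]]
  end
end

# Constructed sample headers: one session cookie, then two with the same name.
SINGLE_HEADER = 'theme=dark; rack.session=aaa111'
DOUBLE_HEADER = 'rack.session=bbb222; theme=dark; rack.session=aaa111'

if __FILE__ == $PROGRAM_NAME
  app = SingleSessionCookie.new(->(_env) { [200, {}, ['ok']] })
  [SINGLE_HEADER, DOUBLE_HEADER].each do |h|
    puts "#{app.call('HTTP_COOKIE' => h)[0]}  #{h}"
  end
end
```

As the description says, a check of this kind only sees the cookies the browser actually sent, so it does nothing against a cookie overflow attack.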