Class Rack::Protection::CookieTossing
In: lib/rack/protection/cookie_tossing.rb
Parent: Base
Prevented attack:Cookie Tossing
Supported browsers:all
More infos:github.com/blog/1466-yummy-cookies-across-domains

Does not accept HTTP requests if the HTTP_COOKIE header contains more than one session cookie. This does not protect against a cookie overflow attack.

Options:

session_key:The name of the session cookie (default: ‘rack.session’)

Methods

Public Instance methods

[Validate]