Ruby on Rails Security – Protection Flags on Session Cookies

Analysis: When an unsuspecting user visits the site, the JavaScript executes, stealing the ‘sessionId’ cookie and sending it to the malicious user. Using the victim’s session ID, the malicious user can hijack the victim’s session and perform actions on their behalf.

Solution and Fix: Add the ‘HttpOnly’ flag to the Set-Cookie directive for the session…