Ticket #488 (closed defect: duplicate)

Opened 10 months ago

Last modified 10 months ago

Cleaned up a FIXME => Controller.rb line 94 - Seedable Session Routes

Reported by: coryodani..@gmail.com
Assigned to:
Priority: major
Milestone: The Future
Component: Merb
Keywords:
Cc:

Description

I patched this in originally in like version 0.3... Notice there was a FIXME for it; it was using the controller name and action name compared to a whitelist of URLs that would allow the session to be set from the client (session_id_cookie_only on a path-by-path basis).

This patch cleans that up and takes the whitelist out of the merb.yml file. Now a function Route#fixatable exists. Any route in router.rb can have fixatable added to the end (r.default_routes.fixatable) to allow that route to allow session fixation or session id seeding.
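
The per-route opt-in described above, as an added sketch that is not the attached patch or Merb's own code. Route, Router, session_id_for, the "_session_id" key and the 32-hex id format are assumptions made for the example; only the chainable fixatable marker comes from the ticket.

```ruby
require "securerandom"

# Hypothetical stand-in for a router entry; not Merb's Route class.
class Route
  def initialize(pattern)
    @pattern = pattern
    @fixatable = false # default: session id is taken from the cookie only
  end

  # Chainable opt-in, used like r.default_routes.fixatable in the ticket.
  def fixatable
    @fixatable = true
    self
  end

  def fixatable?
    @fixatable
  end

  def match?(path)
    @pattern.match?(path)
  end
end

class Router
  def initialize
    @routes = []
  end

  def match(pattern)
    Route.new(pattern).tap { |route| @routes << route }
  end

  def route_for(path)
    @routes.find { |route| route.match?(path) }
  end
end

SESSION_KEY = "_session_id"          # assumed cookie/parameter name
ID_FORMAT   = /\A[0-9a-f]{32}\z/     # assumed id format: 32 hex chars

# Returns [session_id, source]; source is :cookie, :param or :new.
def session_id_for(router, path, cookies, params)
  return [cookies[SESSION_KEY], :cookie] if cookies[SESSION_KEY]
  seeded = params[SESSION_KEY]
  route = router.route_for(path)
  # A client-supplied id is honoured only on a route that opted in,
  # and only if it is well formed; everything else gets a fresh id.
  return [seeded, :param] if route&.fixatable? && ID_FORMAT.match?(seeded.to_s)
  [SecureRandom.hex(16), :new]
end
```

Routes that never call fixatable ignore an id passed in request parameters, so the set of routes where a client can seed a session is exactly what appears in the route definitions.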

Attachments

fixation_patch.diff (3.1 kB) - added by coryodani..@gmail.com on 01/29/08 14:03:05.
Route-by-route session fixation

Change History

01/29/08 14:03:05 changed by coryodani..@gmail.com

  • attachment fixation_patch.diff added.

02/11/08 13:49:52 changed by shayarne..@gmail.com

  • status changed from new to closed.
  • resolution set to duplicate.