Ruby on Rails Cookie Session Storage


Cookie Session Storage

Since Rails 2.0 by default the session data is stored in the cookie

session storage
Learn Ruby on Rails - Ruby on Rails tutorial - session storage - Ruby on Rails examples - Ruby On Rails programs

Base64(CGI::escape(SESSION-DATA))--HMAC(secret_key, SESSION-DATA)

session storage
Learn Ruby on Rails - Ruby on Rails tutorial - session storage - Ruby on Rails examples - Ruby On Rails programs

Security implications

  • The user can view the session data in plain text
  • The HMAC can be brute-forced and arbitrary session data could be created
  • Replay attacks are easier as you cannot flush the client-side session

Countermeasures

  • Don’t store important data in the session!
  • Use a strong password,
  • Rails already forces at least 30 characters
  • Invalidate sessions after certain time on the server side

Rails default session secret

default session
Learn Ruby on Rails - Ruby on Rails tutorial - default session - Ruby on Rails examples - Ruby On Rails programs

Set HTTPS only cookies

Http cookies
Learn Ruby on Rails - Ruby on Rails tutorial - Http cookies - Ruby on Rails examples - Ruby On Rails programs

Related Searches to Ruby on Rails Cookie Session Storage

rails 5 session storerails cookie storerails session store optionsrails activerecord session storerails session_storerails redis session storerails session vs cookierails session idrails session variables
Wikitechy Rated 5 / 5 based on 378284 reviews.
Wikitechy-logo

World's No 1 Animated self learning Website with Informative tutorials explaining the code and the choices behind it all.

Wikitechy

About Us
Terms of Use
Privacy Policy
Contact Us

Workshop

Webinar

Join our Community

Advertise

Other Languages

English
Chinese
Deutsch
Russian

© 2016 - 2024 KaaShiv InfoTech, All rights reserved. Powered by Inplant Training in chennai | Internship in chennai