The :auth_token is accessible in "plain text" in the cookie (since signing it would not help); capturing it would give access (a valid current_user) to anyone who knows how to inject it later, with no need for a password-based authorization process... wouldn't it be wise to generate a new :auth_token for the current_user and save it before SessionsController#destroy?
(e.g.: you can inspect the cookie once and then later in any javascript console -> document.cookie("auth_token=7h3$u53r&H45H"); )
-> Kind of have no time to read all the comments, sorry if the subject has already been discussed.
disclaimer: the cookie injection code is only an example.
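The mitigation proposed in the comment above (rotate the remember-me token on logout so a previously captured cookie stops resolving to a user), as an added example that is not part of the original comment or of the application it discusses; the `User`, `UserStore`, `logout` and `login_with_cookie` names are constructed stand-ins for the Rails model, finder and SessionsController#destroy, and only a digest of the token is stored server side:

```ruby
require "securerandom"
require "digest"

# Constructed stand-in for the app's User model. Only the SHA-256 digest of the
# remember-me token is persisted; the raw token lives exclusively in the cookie.
class User
  attr_reader :id, :auth_token_digest

  def initialize(id)
    @id = id
    @auth_token_digest = nil
  end

  # Issue a fresh token and return the raw value for the cookie. Because the
  # stored digest changes, every copy of the previous cookie value is invalidated.
  def regenerate_auth_token!
    raw = SecureRandom.urlsafe_base64(32)
    @auth_token_digest = Digest::SHA256.hexdigest(raw)
    raw
  end
end

# Constructed stand-in for User.find_by(auth_token_digest: ...).
class UserStore
  def initialize; @users = {}; end
  def add(user); @users[user.id] = user; end

  def find_by_auth_token(raw)
    return nil if raw.nil? || raw.empty?
    digest = Digest::SHA256.hexdigest(raw)
    @users.values.find { |u| u.auth_token_digest == digest }
  end
end

# What the comment suggests SessionsController#destroy should do: rotate the
# token before clearing the cookie, not merely delete the cookie client side.
def logout(user, cookies)
  user.regenerate_auth_token!
  cookies.delete(:auth_token)
end

def login_with_cookie(store, cookies)
  store.find_by_auth_token(cookies[:auth_token])
end

# Scenario: a cookie value copied once is replayed after the user logs out.
def replay_after_logout
  store = UserStore.new
  alice = User.new(1)
  store.add(alice)
  cookies = { auth_token: alice.regenerate_auth_token! } # login sets the cookie
  captured = cookies[:auth_token]                        # value copied by an observer
  before = login_with_cookie(store, cookies)             # resolves to alice
  logout(alice, cookies)
  replayed = login_with_cookie(store, { auth_token: captured }) # nil after rotation
  [before, replayed]
end
```

Without the rotation in `logout`, the replayed lookup would still return the user, which is the exposure the comment describes.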