activerecord-session_store

Active Record's Session Store extracted from Rails

Results 58 activerecord-session_store issues

I am finding that without https://github.com/rails/activerecord-session_store/issues/172 the session id regenerates when it should not. So on new pages, I get new session ids. 172 fixes that, but then I get...

When penetration testing I discovered that if a public session ID contains an invalid byte sequence the following error occurs: ``` Error during failsafe response: invalid byte sequence in UTF-8...

Removing sessions created before the cutoff period. Otherwise, an attacker could extend the session forever. It's the Rails guide recommendation: https://guides.rubyonrails.org/security.html#session-fixation-countermeasures

Hi, after migrating some application with [activerecord-session_store](https://github.com/rails/activerecord-session_store) from Rails 6.1.7 to 7.1.3.4, the SameSite attribute is missing in cookies: ``` curl -v http://localhost:3000 ... < set-cookie: _cta_session=9f0ec74db42eb11e0434f81fc257c348; path=/; httponly ......

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit...

This brings the `ActiveRecordStore` in line with the `CookieStore` that ships with Rails. (see: https://github.com/rails/rails/pull/45501) `ActionDispatch::Session::ActiveRecordStore` passes along whatever options it was configured with, and by default that DOES NOT...

I'm working on removing queries in my application that should be going through the SchemaCache in production but currently are not. I found that the `sessions` table is being queried...