This extension is part of the Rack::Protection project. Run gem install rack-protection to have it available.
- Prevented attack
-
Session Hijacking
- Supported browsers
-
all
- More infos
- </dl>
Tracks request properties like the user agent in the session and empties the session if those properties change. This essentially prevents attacks from Firesheep. Since all headers taken into consideration can be spoofed, too, this will not prevent determined hijacking attempts.