config.action_controller.session_options[:cookie_only] = true
From: Suki <sukio...@gmail.com>
Date: Thu, 5 Nov 2009 07:02:18 -0800 (PST)
Subject: config.action_controller.session_options [:cookie_only] = true
Recently, I got this security vulnerability on my app:

 Ruby on Rails Multiple Method Session Fixation

      Synopsis :

      The remote web server is affected by a session fixation vulnerability.

      Description :

      The web server on the remote host appears to be a version of Ruby on
      Rails that supports URL-based sessions. An unauthenticated remote
      attacker may be able to leverage this issue to obtain an authenticated
      session.

      Note that Ruby on Rails version 1.2.4 was initially supposed to
      address this issue, but its session fixation logic only works for the
      first request, when CgiRequest is first instantiated.

      See also :

      http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
      http://www.nessus.org/u?2f5b72e6
      http://dev.rubyonrails.org/ticket/10048
      http://www.nessus.org/u?1eeea9de

      Solution :

      Upgrade to Ruby on Rails version 1.2.6 or later and make sure
      'config.action_controller.session_options[:cookie_only]' is set to
      'true' in the 'config/environment.rb' file.

I checked my Rails version: it is already 1.2.6. Then I uncommented
this line in environment.rb:
config.action_controller.session_options[:cookie_only] = true

I got the following:

Error message:
    You have a nil object when you didn't expect it! You might have
    expected an instance of Array. The error occurred while evaluating nil.[]=
Exception class:
    NoMethodError

Can anyone help me understand what is going on here?
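
The scanner finding quoted above turns on whether the application will take a session id from the URL. As an added illustration (not part of the original post and not Rails' own code), this simplified Ruby model shows what a cookie-only setting changes; the `_session_id` name, the lookup order and the sample URL are assumptions made for the example.

```ruby
require 'securerandom'
require 'uri'

SESSION_KEY = '_session_id' # assumed cookie/parameter name for this model

# Constructed sample: a link that carries a session id chosen by someone else.
PLANTED_URL = 'http://app.example/login?_session_id=abc123'

# Parse a Cookie header ("a=1; b=2") into a hash of name => value.
def parse_cookies(header)
  header.to_s.split(/;\s*/).each_with_object({}) do |pair, out|
    name, value = pair.split('=', 2)
    out[name] = value if name && value
  end
end

# Decide which session id a request is bound to.
# Returns [session_id, source], where source is :url, :cookie or :new.
# Assumed lookup order: URL parameter (only if allowed), then cookie, then new id.
def resolve_session_id(url, cookie_header, cookie_only:)
  unless cookie_only
    query = URI.parse(url).query.to_s
    url_id = URI.decode_www_form(query).to_h[SESSION_KEY]
    return [url_id, :url] if url_id && !url_id.empty?
  end

  cookie_id = parse_cookies(cookie_header)[SESSION_KEY]
  return [cookie_id, :cookie] if cookie_id && !cookie_id.empty?

  # No acceptable id was presented: issue a fresh, unpredictable one.
  [SecureRandom.hex(16), :new]
end

# True when a request with no cookie ends up bound to the id from the URL,
# which is the condition the scanner report describes.
def accepts_url_session?(cookie_only)
  id, source = resolve_session_id(PLANTED_URL, nil, cookie_only: cookie_only)
  source == :url && id == 'abc123'
end

[false, true].each do |setting|
  id, source = resolve_session_id(PLANTED_URL, nil, cookie_only: setting)
  puts "cookie_only=#{setting}: session #{id} taken from #{source}"
end
```

With the cookie-only setting on, the id in the link is ignored and the request gets a new id, so a value supplied through the URL never becomes the session.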

