Displaying 2 results from an estimated 2 matches for "generate_unique_id".
2007 Mar 01
4
Cookie based session management problems
...to survive
the first redirect. I added the following code to environment.rb, based
on Ryan's (http://www.ryandaigle.com/) note:
config.action_controller.session = {
:session_key => '_<%= app_name %>_session',
:secret => '<%= CGI::Session.generate_unique_id(app_name) %>'
}
The problem is probably related to the fact that the embedded ruby is
not getting processed. The generated cookie is
NAME: _<%
VALUE app_name %>_session...
What am I missing? (I'm in dev mode, btw).
TIA,
Keith
--
Posted via http://www.ruby-forum.com/...
2007 Mar 30
7
Some additional attacks on Cookie Session
Aside from the replay attacks discussed, there are some other attack
vectors on the cookie_session store.
I appreciate (and admire!) Jeremy's good humor on all of this:
> Planting the seed here led to quick ripening and plenty of pesticide.
> Thanks for the fish, all.
>
> jeremy
Anyway, here's what we came up with:
1. Brute Force
SHA512 can be computed _very_ fast.