search for: 2f5b72e6

...sion 1.2.4 was initially supposed to address this issue, but its session fixation logic only works for the first request, when CgiRequest is first instantiated. See also : http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release http://www.nessus.org/u?2f5b72e6 http://dev.rubyonrails.org/ticket/10048 http://www.nessus.org/u?1eeea9de Solution : Upgrade to Ruby on Rails version 1.2.6 or later and make sure ''config.action_controller.session_options[:cookie_only]'' is set to ''true'' in th...