Ask A Question

Notifications

You’re not receiving notifications from this thread.

Cookie Replay Attack

Udaykumar asked in Rails
Udaykumar Udaykumar

In this scenario, there is a Rails Application with a valid user logged in, and the server issued a session cookie, SESSION-ID, to the user. If the SESSION-ID is the cookie that identifies the session of the user, the attacker can use the SESSION-ID cookie value to log in as the valid user.

How can we Prevent

if You have a solution. Please call me on this Number: 8780642082.

Reply
Chris Oliver Chris Oliver

Rails guides talk a bit about how you solve this: https://guides.rubyonrails.org/security.html#replay-attacks-for-cookiestore-sessions

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 82,464+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.