DEVHIDE
Login Or Sign up

Does using Redis as a session store will mitigate session replay attacks?

202 Views Asked by At

In Ruby on Rails security docs it written that using CookieStore as the session store is open to replay attack: http://guides.rubyonrails.org/security.html#replay-attacks-for-cookiestore-sessions

  1. Is it true if I only save the session_id?
  2. Does changing the session store to Redis will mitigate the vulnerability? see this commit: https://gitlab.com/gitlab-org/gitlab-ce/commit/ba7c1764be87f272759471bde01b92dcc147e952
ruby-on-rails security redis owasp session-store
Original Q&A
0

There are 0 best solutions below

Related Questions in RUBY-ON-RAILS

Related Questions in SECURITY

Related Questions in REDIS

Related Questions in OWASP

Related Questions in SESSION-STORE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.