Last active February 11, 2017 18:49
In the "logging in" section of Programming Phoenix,
it says that using the :renew option to configure_session
is important to prevent session fixation attacks. However, aren't
these already impossible because the cookie that Phoenix is storing
the session inside is signed? How could an attacker fixate the session ID?