This extension is part of the Rack::Protection project. Run gem install rack-protection to have it available.


Prevented attack: Cookie Tossing

Supported browsers: all

More info: github.com/blog/1466-yummy-cookies-across-domains

Rejects HTTP requests whose HTTP_COOKIE header contains more than one session cookie. This does not protect against a cookie overflow attack.

Options:

session_key: The name of the session cookie (default: 'rack.session')
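The check described above, sketched as a stand-alone Rack-style middleware. This is an added example, not Rack::Protection's own code: the class name `DuplicateSessionCookieGuard`, the 403 response and the sample headers are constructed for illustration. Comparing names after percent-decoding goes beyond what the page states and assumes the application's cookie parser decodes cookie names.

```ruby
require 'uri'

# Hypothetical middleware (not the project's implementation): denies a request
# when the Cookie header carries more than one cookie that would be read as the
# session cookie.
class DuplicateSessionCookieGuard
  def initialize(app, session_key: 'rack.session')
    @app = app
    @session_key = session_key
  end

  # Raw names of every cookie pair that matches the session key, either
  # literally or after percent-decoding (assumption: the parser decodes names).
  def session_cookie_names(cookie_header)
    cookie_header.to_s.split(';').filter_map do |pair|
      name = pair.split('=', 2).first.to_s.strip
      next if name.empty?
      name if name == @session_key || decode(name) == @session_key
    end
  end

  def call(env)
    if session_cookie_names(env['HTTP_COOKIE']).size > 1
      return [403, { 'content-type' => 'text/plain' }, ['Forbidden']]
    end
    @app.call(env)
  end

  private

  def decode(name)
    URI.decode_www_form_component(name)
  rescue ArgumentError
    name # malformed escape: compare the raw name only
  end
end

# Constructed sample requests, run through the guard in front of a dummy app.
APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }
GUARD = DuplicateSessionCookieGuard.new(APP)
SAMPLES = {
  single: 'theme=dark; rack.session=aaa',
  duplicate: 'rack.session=aaa; theme=dark; rack.session=bbb',
  encoded_name: 'rack.session=aaa; rack%2Esession=bbb'
}.freeze

def sample_statuses
  SAMPLES.transform_values { |header| GUARD.call('HTTP_COOKIE' => header).first }
end
```

As the page notes for the extension itself, a check of this kind says nothing about cookie overflow, where the legitimate session cookie never reaches the server.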