Ruby on Rails
Anton Misyagin, 2017-02-02 10:09:04

Is this Rails.application.config.session_store secret?

App on Rails 4.2
config/initializers/session_store.rb

Rails.application.config.session_store :cache_store, key: 'xxxxx-xx-xxxx'

Yandex webmaster, when checking the server response, gives the following information about my page:
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Cache-Control: max-age=0, private, must-revalidate
ETag: W/"ace83138759503d42"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Runtime: 0.123940
X-Request-Id: 3a-c48b-48d9-b5ec7bab6a9a
Date: Thu, 02 Feb 2017 06:55:50 GMT
Set-Cookie: xxxxx-xx-xxxx=yyyyyyyyyyy; path=/; HttpOnly
X-Powered-By: Phusion Passenger 5.0.28
Server: nginx/1.10.0 + Phusion Passenger 5.0.28
Content-Encoding: gzip

Should this information not be available from the outside? How do I hide it?


1 answer(s)
Roman Mirilaczvili, 2017-02-02
@2ord

In my opinion, this should be secret to everyone except the web client itself, because cookies are personal.
guides.rubyonrails.org/v4.2/security.html#session-...
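
An added example (not part of the original question or answer) that audits the response headers quoted in the question: it flags the headers that describe the server stack or request timing and checks the flags on the session cookie, whose name is the `key:` value passed to `session_store` and whose value is the per-client session id. The header lines are copied from the question with its redacted values; the function names and the choice of which headers to flag are assumptions of this example.

```ruby
# Relevant response headers from the question (values redacted as posted).
RAW = <<~HEADERS
  X-Runtime: 0.123940
  X-Request-Id: 3a-c48b-48d9-b5ec7bab6a9a
  Set-Cookie: xxxxx-xx-xxxx=yyyyyyyyyyy; path=/; HttpOnly
  X-Powered-By: Phusion Passenger 5.0.28
  Server: nginx/1.10.0 + Phusion Passenger 5.0.28
HEADERS

# Assumption of this example: headers worth flagging and what they reveal.
DISCLOSING = { 'server' => :stack, 'x-powered-by' => :stack,
               'x-runtime' => :timing }.freeze

# Split a raw header block into [lowercased name, value] pairs.
def parse_headers(raw)
  raw.each_line.map(&:strip).reject(&:empty?).map do |line|
    name, value = line.split(':', 2)
    [name.strip.downcase, value.to_s.strip]
  end
end

# Split a Set-Cookie value into cookie name, value and attribute names.
def parse_cookie(value)
  pair, *attrs = value.split(';').map(&:strip)
  name, val = pair.split('=', 2)
  { name: name, value: val,
    flags: attrs.map { |a| a.split('=', 2).first.downcase } }
end

# Return one finding per disclosing header or session cookie.
def audit(raw)
  parse_headers(raw).filter_map do |name, value|
    if DISCLOSING.key?(name)
      versions = DISCLOSING[name] == :stack ? value.scan(/\d+(?:\.\d+)+/) : []
      { header: name, kind: DISCLOSING[name], versions: versions }
    elsif name == 'set-cookie'
      cookie = parse_cookie(value)
      # Secure only applies if the site is served over HTTPS (not stated).
      { header: name, kind: :cookie, cookie_name: cookie[:name],
        missing_flags: %w[httponly secure] - cookie[:flags] }
    end
  end
end

audit(RAW).each { |finding| puts finding.inspect }
```

The cookie name always appears in `Set-Cookie`, so the `key:` setting cannot be hidden; the value is what must stay private to the client. The settings usually used to trim the other findings are nginx's `server_tokens off;`, Passenger's `passenger_show_version_in_header off;` and removing the `Rack::Runtime` middleware in Rails.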
