rack-deadline
v1.0.1 · RubyGems · Ruby
rack-deadline is a simple Rack middleware that automatically clears sessions that have been open too long (by default, 1 day). This is designed for use with cookie stores to mitigate the risk of session fixation, since it is impossible to invalidate older sessions with a pure cookie-based approach. It is impossible to enforce a deadline with the standard Rack cookie session API. The expire_after setting is not part of the session itself (it's part of the cookie, and not cryptographically signed), and an attacker who has access to a previous cookie can just omit it when making a request. This stores a deadline inside the cryptographically signed session, and once the deadline is passed, the session will no longer be valid.
The verdict
Abandoned. Last published 11 years ago. No recent activity — look for a maintained alternative.
Live from the RubyGems registry · derived rules, not AI
How it scores
Maintenance: Abandoned
Popularity: Niche
Security: Clean
License: Permissive
Deps: Zero deps
Maintenance
Last published 11 years ago.
Popularity
7 downloads / week
Security
No known advisories for this version (OSV).
License
MIT
Dependencies
No runtime dependencies
Recent releases
- 1.0.1 · 11 years ago
- 1.0.0 · 12 years ago