4 matches found
GHSA-P4C6-77GC-694X session fixation protection mechanism in cgi_process.rb in Rails
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...
session fixation protection mechanism in cgi_process.rb in Rails
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...
CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...
CVE-2007-6077
The CVE-2007-6077 issue affects Ruby on Rails (Rails 1.2.4) in the session handling code: the session fixation protection in cgi_process.rb removes the :cookie_only attribute from DEFAULT_SESSION_OPTIONS, causing cookie_only to apply only to the first CgiRequest instance. This enables remote atta...