Session management check is reporting a false positive when :active_record_store is used #187

Open
monfresh opened this issue Jan 28, 2016 · 4 comments

Comments

@monfresh

In my app, I have Rails.application.config.session_store :active_record_store in my config/initializers/session_store.rb, but dawnscanner still reported the Owasp Ror CheatSheet Session management issue.

It looks like this is due to the attack_pattern only looking for Application.config.session_store and not Rails.application.config.session_store.
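An added illustration of the mismatch reported above; it is not dawnscanner's code and not part of the original thread. The pattern constants, function names and initializer samples are constructed, and the check's behaviour (report a finding unless `:active_record_store` is declared) is assumed from the report.

```ruby
# Added illustration; not dawnscanner's code. All names and samples are constructed.

# Narrow pattern, reconstructed from the issue's description (assumption):
# case-sensitive literal text, so only `<App>::Application.config...` matches.
NARROW = /Application\.config\.session_store\s+:active_record_store/

# Broader pattern: either receiver form at the start of a line (so commented-out
# lines are ignored), capturing the store as a symbol or a class constant.
CONST = /[A-Z]\w*(?:::[A-Z]\w*)*/
BROAD = /\A\s*(?:#{CONST}::Application|Rails\.application)\.config\.session_store[\s(]+(:\w+|#{CONST})/

# Returns the first declared session store as a string, or nil if none is found.
def declared_session_store(source)
  source.each_line do |line|
    m = BROAD.match(line)
    return m[1] if m
  end
  nil
end

# Assumed check behaviour: report a finding unless the DB-backed store is declared.
def narrow_check_flags?(source)
  !NARROW.match?(source)
end

def broad_check_flags?(source)
  declared_session_store(source) != ':active_record_store'
end

# Constructed initializer samples.
RAILS3 = "MyApp::Application.config.session_store :active_record_store\n"
RAILS4 = "Rails.application.config.session_store :active_record_store\n"
CACHE = "Rails.application.config.session_store ActionDispatch::Session::CacheStore\n"
COMMENTED = "# MyApp::Application.config.session_store :active_record_store\n" \
            "Rails.application.config.session_store :cookie_store, key: '_app_session'\n"

if __FILE__ == $PROGRAM_NAME
  { rails3: RAILS3, rails4: RAILS4, cache: CACHE, commented: COMMENTED }.each do |name, src|
    puts format('%-10s store=%-40s narrow_flags=%-5s broad_flags=%s',
                name, declared_session_store(src).inspect,
                narrow_check_flags?(src), broad_check_flags?(src))
  end
end
```

The `RAILS4` sample reproduces the false positive with the narrow pattern, and `COMMENTED` shows the opposite failure: a commented-out line satisfies the narrow pattern even though the active setting is `:cookie_store`.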

@thesp0nge thesp0nge added this to the v1-5-5 milestone Jan 28, 2016
@thesp0nge thesp0nge self-assigned this Jan 28, 2016
@jasnow
Contributor

jasnow commented Feb 28, 2016

An issue for me too.

@cameronbourgeois

+1

@OlivierGrimard

+1

@mariohmol

Hi everyone, I'm having this issue as well.

One question: if we use Rails.application.config.session_store ActionDispatch::Session::CacheStore, this will have the same effect and will make the report pass, no?

@thesp0nge thesp0nge removed this from the v1-7-0 milestone Apr 14, 2023