I have a Sinatra app that uses omniauth, which constantly gets this error:
    attack prevented by Rack::Protection::SessionHijacking
when I try and log in (using a Google account).
It works fine in other versions of IE, and on chrome/firefox/safari.
My setup is:
    rack (1.4.1)
    rack-force_domain (0.2.0)
    rack-protection (1.2.0)
    sinatra (1.3.2)
      rack (~> 1.3, >= 1.3.6)
      rack-protection (~> 1.2)
      tilt (~> 1.3, >= 1.3.3)
    omniauth (1.0.3)
      hashie (~> 1.2)
      rack
    omniauth-google-oauth2 (0.1.9)
      omniauth (~> 1.0)
      omniauth-oauth2
    omniauth-oauth2 (1.0.0)
      oauth2 (~> 0.5.0)
      omniauth (~> 1.0)
Anyone know why this happens?
This module tracks properties like USER_AGENT and similar (you can check them here: https://github.com/rkh/rack-protection/blob/master/lib/rack/protection/session_hijacking.rb). The error you get is probably due to one of those properties being changed during the session. Try to test if everything works with just this module disabled:
set :protection, except: :session_hijacking
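
To see which tracked property changes during the session, rather than leaving the check disabled, the fingerprint comparison can be reproduced in a logging-only middleware. This is an added example, not code from the answer or from rack-protection; the header list, the `HeaderDriftLogger` name, the `:header_drift` session key and the two sample requests are assumptions.

```ruby
require 'digest/sha1'

# Assumption: the tracked header list differs between rack-protection
# versions; check session_hijacking.rb in the installed gem for the real one.
TRACKED = %w[HTTP_USER_AGENT HTTP_ACCEPT_LANGUAGE HTTP_ACCEPT_ENCODING].freeze
SESSION_KEY = :header_drift # hypothetical key, kept apart from rack-protection's own

# Hash each tracked value so raw header contents are not stored in the session.
def fingerprint(env, keys = TRACKED)
  keys.each_with_object({}) { |k, h| h[k] = Digest::SHA1.hexdigest(env[k].to_s) }
end

# Returns the names of tracked headers that differ from the fingerprint pinned
# in the session. The first request pins the fingerprint and returns [].
def changed_headers(session, env, keys = TRACKED)
  current = fingerprint(env, keys)
  pinned = session[SESSION_KEY]
  if pinned.nil?
    session[SESSION_KEY] = current
    return []
  end
  keys.reject { |k| pinned[k] == current[k] }
end

# Logging-only Rack middleware: reports drift but never blocks the request.
# Mount it after the session middleware while debugging.
class HeaderDriftLogger
  def initialize(app, logger: $stderr)
    @app = app
    @logger = logger
  end

  def call(env)
    session = env['rack.session'] || {}
    drift = changed_headers(session, env)
    @logger.puts("tracked headers changed: #{drift.join(', ')}") unless drift.empty?
    @app.call(env)
  end
end

# Constructed sample: two requests in one session where one tracked header differs.
FIRST  = { 'HTTP_USER_AGENT' => 'ExampleBrowser/9.0', 'HTTP_ACCEPT_LANGUAGE' => 'en-GB' }.freeze
SECOND = FIRST.merge('HTTP_ACCEPT_LANGUAGE' => 'en-US').freeze

if __FILE__ == $PROGRAM_NAME
  session = {}
  changed_headers(session, FIRST)
  p changed_headers(session, SECOND)
end
```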