Explicitly creating new sessions


When reading Agile Web Devlopment with Rails book, at the end of section
21.3 (avoiding session fixation attacks) it states: “…you should
consider creating a new session every time someone logs in.”

But how would you do such a thing? When I look through the API docs, I
only see functions for enabling/disabling session management for certain
actions, nothing about explicitly triggering a new session to be



I am wondering the same thing as Jevan here but could not find any
answer to his question or a resources that explains how to start a
new session and keep the current session’s value.

I’d be grateful if anyone could provide a solution.



Am 16.02.2006 um 20:25 schrieb Jevan Gray: