Explicitly creating new sessions


#1

When reading Agile Web Devlopment with Rails book, at the end of section
21.3 (avoiding session fixation attacks) it states: “…you should
consider creating a new session every time someone logs in.”

But how would you do such a thing? When I look through the API docs, I
only see functions for enabling/disabling session management for certain
actions, nothing about explicitly triggering a new session to be
created.


#2

Hi

I am wondering the same thing as Jevan here but could not find any
answer to his question or a resources that explains how to start a
new session and keep the current session’s value.

I’d be grateful if anyone could provide a solution.

Regards,

Manuel

Am 16.02.2006 um 20:25 schrieb Jevan Gray: