Is Rails 2.1 "protect_from_forgery" == csrf_killer plugin?

Just would like to verify:

Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick O.?

Thanks,
Wes

On 6 Sep 2008, at 07:08, Wes G. [email protected]
wrote:

Just would like to verify:

Is protect_from_forgery (in Rails 2.1) == the csrf_killer plugin from
Rick O.?

Yup, it was merged in in rails 2.0

Fred

Thanks, Frederick.

Follow - up: Is there anything that precludes using protect_from_forgery
with a DB session store?

Wes

On 6 Sep 2008, at 20:04, Wes G. wrote:

Thanks, Frederick.

Follow - up: Is there anything that precludes using
protect_from_forgery
with a DB session store?

nope (you do however need to pass a secret to protect_from_forgery)

Fred

Yeah, I just verified that.

Sorry, I should have tested it first.