When reading Agile Web Devlopment with Rails book, at the end of section
21.3 (avoiding session fixation attacks) it states: “…you should
consider creating a new session every time someone logs in.”
But how would you do such a thing? When I look through the API docs, I
only see functions for enabling/disabling session management for certain
actions, nothing about explicitly triggering a new session to be
created.