Simon Willison’s Weblog

Rails 1.2.4: Maintenance release. “Session fixation attacks are mitigated by removing support for URL-based sessions”—I’ve always hated URL-based sessions; I’d be interested to hear if their removal from Rails causes legitimate problems for anyone.

Posted 5th October 2007 at 11:42 pm

Recent articles

Weeknotes: datasette-enrichments, datasette-comments, sqlite-chronicle - 8th December 2023
Datasette Enrichments: a new plugin framework for augmenting your data - 1st December 2023
llamafile is the new best way to run a LLM on your own computer - 29th November 2023
Prompt injection explained, November 2023 edition - 27th November 2023
I'm on the Newsroom Robots podcast, with thoughts on the OpenAI board - 25th November 2023
Weeknotes: DevDay, GitHub Universe, OpenAI chaos - 22nd November 2023

rails 70 security 423 sessionfixation 2 sessions 6