Sinatra application using omniauth gets Rack::Protection::SessionHijacking in IE9

I have a Sinatra application that uses omniauth that constantly gets this error

attack prevented by Rack::Protection::SessionHijacking 

when I try to log in (using a Google account).

It works great in other versions of IE, as well as on chrome / firefox / safari.

My setup

    rack (1.4.1)
    rack-force_domain (0.2.0)
    rack-protection (1.2.0)
    sinatra (1.3.2)
      rack (~> 1.3, >= 1.3.6)
      rack-protection (~> 1.2)
      tilt (~> 1.3, >= 1.3.3)
    omniauth (1.0.3)
      hashie (~> 1.2)
      rack
    omniauth-google-oauth2 (0.1.9)
      omniauth (~> 1.0)
      omniauth-oauth2
    omniauth-oauth2 (1.0.0)
      oauth2 (~> 0.5.0)
      omniauth (~> 1.0)

Does anyone know why this is happening?

+6
2 answers

This module monitors properties like USER_AGENT and similar (you can check them here: https://github.com/rkh/rack-protection/blob/master/lib/rack/protection/session_hijacking.rb ). The error you are getting is probably due to a change in one of these properties during the session. Test whether everything works with just this module disabled:

    set :protection, except: :session_hijacking
+8
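To make the mechanism behind both answers concrete, here is an added, self-contained Ruby sketch of the check that Rack::Protection::SessionHijacking performs: store a fingerprint of selected request headers in the session on the first request, recompute it on every later request, and reject the session on a mismatch. This is illustrative code written for this page, not the gem's own implementation; the class name `SessionFingerprintGuard`, the plain SHA-256 fingerprint, the constructed IE9-style request headers and the helper functions are all my assumptions. It shows why a client whose Accept-Encoding header varies between requests trips the guard when that header is tracked, and passes once only User-Agent is tracked, which is the effect of the rack-protection upgrade mentioned in the next answer.

```ruby
require 'digest'

# Minimal stand-in for the check Rack::Protection::SessionHijacking performs
# (illustrative, not the gem's code). First request: remember a fingerprint
# of the tracked headers in the session. Later requests: recompute it and
# treat any mismatch as a hijacked session.
class SessionFingerprintGuard
  # Header set assumed here to mirror the older gem behaviour that also
  # tracked Accept-Encoding and Accept-Language, not just User-Agent.
  DEFAULT_TRACKED = %w[HTTP_USER_AGENT HTTP_ACCEPT_ENCODING HTTP_ACCEPT_LANGUAGE].freeze

  def initialize(app, track: DEFAULT_TRACKED, tracking_key: 'tracking')
    @app = app
    @track = track
    @tracking_key = tracking_key
  end

  def call(env)
    session = env['rack.session'] ||= {}
    fingerprint = fingerprint_for(env)
    stored = session[@tracking_key]
    if stored.nil?
      session[@tracking_key] = fingerprint   # first request on this session
    elsif stored != fingerprint
      session.clear                          # mismatch: drop the session and deny
      return [403, { 'Content-Type' => 'text/plain' }, ['attack prevented']]
    end
    @app.call(env)
  end

  private

  # Join the tracked header values in a fixed order and hash them so the
  # session carries a short opaque token instead of the raw header values.
  def fingerprint_for(env)
    Digest::SHA256.hexdigest(@track.map { |key| env[key].to_s }.join("\n"))
  end
end

# Trivial downstream app standing in for the Sinatra application.
APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

# Constructed request: same browser, same session, but Accept-Encoding can
# differ from one request to the next.
def request_env(session, accept_encoding)
  {
    'rack.session' => session,
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)',  # constructed UA
    'HTTP_ACCEPT_LANGUAGE' => 'en-US',
    'HTTP_ACCEPT_ENCODING' => accept_encoding
  }
end

# Sends two requests on one session through a guard configured with +track+
# and returns both status codes, so the effect of the tracked-header list is visible.
def run_session(track:)
  guard = SessionFingerprintGuard.new(APP, track: track)
  session = {}
  first  = guard.call(request_env(session, 'gzip, deflate'))[0]
  second = guard.call(request_env(session, 'gzip'))[0]   # header changed mid-session
  [first, second]
end

if __FILE__ == $PROGRAM_NAME
  p run_session(track: SessionFingerprintGuard::DEFAULT_TRACKED)  # => [200, 403]
  p run_session(track: %w[HTTP_USER_AGENT])                        # => [200, 200]
end
```

The first run tracks Accept-Encoding and returns 403 on the second request, which is the "attack prevented" outcome the question reports; the second run tracks only User-Agent and lets both requests through. In the real gem the equivalent knob is the `:track` option visible in the session_hijacking.rb source linked above (verify the exact option name for your installed version); narrowing it is a less drastic change than disabling the middleware entirely, since the User-Agent comparison still catches a session cookie replayed from a different browser.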

You can try updating your rack-protection to version 1.5.2 or 1.5.3 (latest version).

They removed the HTTP_ACCEPT_ENCODING snooping from the session_hijacking library.

0

Source: https://habr.com/ru/post/912915/
