Aaron Patterson
https://speakerdeck.com/u/tenderlove/p/aloha-ruby-conference-2012
Zach Holman
SameSite=strict cookies are another layer to help prevent CSRF attacks in newer browsers
(at least 5, no clue about earlier versions)
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@