const class afSleepSafe::SessionHijackGuard
sys::Obj afSleepSafe::SessionHijackGuard : afSleepSafe::Guard
Guards against Session hijacking by caching browser user-agent parameters and checking them on each request. The session is dropped and request rejected should the parameters change.
IoC Configuration
afIocConfig Key | Value |
---|---|
| CSV of request headers that are to be cached and compared. Defaults to |
| If |
Example:
@Contribute { serviceType=ApplicationDefaults# }
Void contributeAppDefaults(Configuration config) {
    config["afSleepSafe.csrfTokenName"]    = "clickFast"
    config["afSleepSafe.csrfTokenTimeout"] = 2sec
}
To disable, remove this class from the SleepSafeMiddleware configuration:
@Contribute { serviceType=SleepSafeMiddleware# }
Void contributeSleepSafeMiddleware(Configuration config) {
    config.remove(SessionHijackGuard#)
}
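
The cache-and-compare check described at the top of this page, modelled in Python as an added example; it is not afSleepSafe's own code. The header list, the session key name, the use of a SHA-256 digest and the 403 status are assumptions made for the sketch, and the request data is constructed.

```python
import hashlib

# Assumption: header list chosen for this sketch; the page does not show the library default.
GUARDED_HEADERS_CSV = "User-Agent, Accept-Language"
FINGERPRINT_KEY = "hijackGuard.fingerprint"  # hypothetical session key


def fingerprint(headers, csv=GUARDED_HEADERS_CSV):
    """Digest of the configured headers; names are case-insensitive, absent ones count as empty."""
    lowered = {name.lower(): value for name, value in headers.items()}
    names = [n.strip().lower() for n in csv.split(",") if n.strip()]
    material = "\n".join(f"{n}:{lowered.get(n, '')}" for n in names)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def guard(session, headers, csv=GUARDED_HEADERS_CSV):
    """Return an HTTP status: cache on first sight, compare afterwards."""
    current = fingerprint(headers, csv)
    cached = session.get(FINGERPRINT_KEY)
    if cached is None:
        session[FINGERPRINT_KEY] = current  # first request in this session
        return 200
    if cached != current:
        session.clear()  # drop the session so its cookie no longer maps to any state
        return 403       # assumption: the page only says the request is rejected
    return 200


def demo():
    """Constructed requests against one server-side session."""
    session = {"user": "alice"}
    browser = {"User-Agent": "ExampleBrowser/1.0", "Accept-Language": "en-GB"}
    other = {"User-Agent": "OtherClient/7.2", "Accept-Language": "en-GB"}
    results = [
        guard(session, browser),                       # caches the fingerprint
        guard(session, {"user-agent": "ExampleBrowser/1.0",
                        "accept-language": "en-GB"}),  # same values, different case
        guard(session, other),                         # mismatch: dropped and rejected
    ]
    return results, session


if __name__ == "__main__":
    print(demo())
```

A legitimate change to a guarded header mid-session, such as a browser update altering `User-Agent`, trips the same branch and logs the user out, which is worth weighing when choosing the header list.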