const classafSleepSafe::SessionHijackGuard

sys::Obj
  afSleepSafe::SessionHijackGuard : afSleepSafe::Guard

Guards against Session hijacking by caching browser user-agent parameters and checking them on each request. The session is dropped and request rejected should the parameters change.

IoC Configuration

afIocConfig Key	Value
`afSleepSafe.sessionHijackHeaders`	CSV of request headers that are to be cached and compared. Defaults to `User-Agent, Accept-Language`.
`afSleepSafe.sessionHijackEncrypt`	If `true` (the default) then a hash of the header parameters is cached, and not the actual parameter values themselves. This is a security measure against the server / database being breached.

Example:

@Contribute { serviceType=ApplicationDefaults# }
Void contributeAppDefaults(Configuration config) {
    config["afSleepSafe.csrfTokenName"]    = "clickFast"
    config["afSleepSafe.csrfTokenTimeout"] = 2sec
}

To disable, remove this class from the SleepSafeMiddleware configuration:

@Contribute { serviceType=SleepSafeMiddleware# }
Void contributeSleepSafeMiddleware(Configuration config) {
    config.remove(SessionHijackGuard#)
}