Use session token to prevent replay attacks

mhartl · mhartl · commit 7cb06e0470cf · 2022-04-12T07:25:33.000-07:00
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
@@ -59,4 +59,4 @@ def log_out
   def store_location
     session[:forwarding_url] = request.original_url if request.get?
   end
-end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -120,4 +120,4 @@ def create_activation_digest
       self.activation_token  = User.new_token
       self.activation_digest = User.digest(activation_token)
     end
-end
+end
