Clearance v1.16.0 Release Notes

Release Date: 2017-11-02
  • 🔒 Security

    • Clearance users can now help prevent session fixation attacks by setting Clearance.configuration.rotate_csrf_on_sign_in to true. This will cause the user's CSRF token to be rotated on sign in and is recommended for all Clearance applications. This setting will default to true in Clearance 2.0. Clearance will emit a warning on each sign in until this configuration setting is explicitly set to true or false.
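
A toy model of what this setting changes, as an added example that is not Clearance's own code: a CSRF token issued before sign in stays valid afterwards unless it is rotated. `ToySession` and `token_survives_sign_in?` are hypothetical names used only for illustration.

```ruby
require "securerandom"

# In a real application the setting from the release note goes in an
# initializer (the file path is the conventional one, assumed here):
#
#   # config/initializers/clearance.rb
#   Clearance.configure do |config|
#     config.rotate_csrf_on_sign_in = true
#   end

# Toy stand-in for a server-side session. Not Clearance's implementation.
class ToySession
  attr_reader :csrf_token, :user_id

  def initialize
    @csrf_token = SecureRandom.base64(32) # token issued to the anonymous session
    @user_id = nil
  end

  # rotate_csrf models the effect of rotate_csrf_on_sign_in.
  def sign_in(user_id, rotate_csrf:)
    @user_id = user_id
    @csrf_token = SecureRandom.base64(32) if rotate_csrf
    self
  end

  # Length check plus XOR accumulation, so comparison time does not
  # depend on where the first mismatching byte is.
  def valid_csrf?(token)
    return false unless token.bytesize == @csrf_token.bytesize
    token.bytes.zip(@csrf_token.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Does a token handed out before sign in still authorize requests afterwards?
def token_survives_sign_in?(rotate_csrf:)
  session = ToySession.new
  pre_login_token = session.csrf_token # value known before authentication
  session.sign_in(42, rotate_csrf: rotate_csrf) # 42 is a constructed user id
  session.valid_csrf?(pre_login_token)
end

if __FILE__ == $PROGRAM_NAME
  puts "rotation off: pre-login token still valid? #{token_survives_sign_in?(rotate_csrf: false)}"
  puts "rotation on:  pre-login token still valid? #{token_survives_sign_in?(rotate_csrf: true)}"
end
```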