set :protection, :except => :path_traversal
set :protection, :except => [:path_traversal, :session_hijacking]
:sessionshas been enabled.
Sometimes you want to set up sessions on your own, though.
In that case you can get it to set up session
based protections by passing the
use Rack::Session::Pool set :protection, :session => true
Casiano Rodriguez León 2015-01-07