disable :protection
set :protection, :except => :path_traversal
set :protection, :except => [:path_traversal, :session_hijacking]
:sessions
has been enabled.
Sometimes you want to set up sessions on your own, though.
In that case you can get it to set up session
based protections by passing the :session option
:
use Rack::Session::Pool set :protection, :session => true
Casiano Rodriguez León 2015-01-07