[potomak]

See also comments on HN[1] about an "old" post[2] from Hongli Lai (Phusion) about this topic.

[1] https://news.ycombinator.com/item?id=5007530

[2] http://blog.phusion.nl/2013/01/04/securing-the-rails-session...