Simon Willison’s Weblog

Rails 1.2.4: Maintenance release. “Session fixation attacks are mitigated by removing support for URL-based sessions”—I’ve always hated URL-based sessions; I’d be interested to hear if their removal from Rails causes legitimate problems for anyone.

Posted 5th October 2007 at 11:42 pm

Recent articles

OpenAI DevDay 2025 live blog - 6th October 2025
Embracing the parallel coding agent lifestyle - 5th October 2025
Designing agentic loops - 30th September 2025

rails 72 security 551 sessionfixation 2 sessions 6

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe