I have a Sinatra app, that uses omniauth which constantantly gets this error attack

Question

0

Asked: June 1, 20262026-06-01T15:37:29+00:00 2026-06-01T15:37:29+00:00

I have a Sinatra app, that uses omniauth which constantantly gets this error attack

0

I have a Sinatra app, that uses omniauth which constantantly gets this error

attack prevented by Rack::Protection::SessionHijacking

when I try and log in (using a google account).

It works fine in other versions of IE, and on chrome/firefox/safari.

My setup is

rack (1.4.1)
rack-force_domain (0.2.0)
rack-protection (1.2.0)

sinatra (1.3.2)
  rack (~> 1.3, >= 1.3.6)
  rack-protection (~> 1.2)
  tilt (~> 1.3, >= 1.3.3)
omniauth (1.0.3)
  hashie (~> 1.2)
  rack

omniauth-google-oauth2 (0.1.9)
  omniauth (~> 1.0)
  omniauth-oauth2
omniauth-oauth2 (1.0.0)
  oauth2 (~> 0.5.0)
  omniauth (~> 1.0)

Anyone know why this happens?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T15:37:31+00:00

Editorial Team

2026-06-01T15:37:31+00:00Added an answer on June 1, 2026 at 3:37 pm

This module tracks properties like USER_AGENT and similar (you can check them here: https://github.com/rkh/rack-protection/blob/master/lib/rack/protection/session_hijacking.rb). This error you get, is probably due the one of those properties are changed during the session.
Try to test if everything works with just this module disabled:

set :protection, except: :session_hijacking

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a Sinatra app, that uses omniauth which constantantly gets this error attack

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply