Rails Session Replay Attack demo

This is the companion code to my blog post, which describes how a Rails app can be vulnerable to a session replay attack and how one can guard against it.

The master branch is vulnerable to a session replay attack, and the session-replay-fixed branch contains the fix for the vulnerability.

Licence

This project is available under the MIT Licence. See LICENSE.md for more info.