Using the session from browser tools Application → storage we have the access for the session cookie which is responsible for communicating with the server but if i copy it and paste it in a new browser in my website page with or without login… the copied session is continuing how to avoid this i.e. if an hacker can get a session cookie he can by pass login can cause damage to the web-app… System conf :- Rails-5, Ruby-2.4.2 and Devise-4.8.1
Make sure you use SSL in production and you should cover the major attack vector.
For anyone checking this later, Rails has a guide dedicated to securing applications: