This project is archived and is in readonly mode.
Restore cookie session store httponly default to true
Reported by Cody Fauser | January 20th, 2009 @ 12:40 PM
#1046 changed the cookie session store to default to httponly cookies. However, this default setting was lost when the cookie store was switched to a rack based session store. Both the Active Record session store and memcache session store currently default to httponly cookies.
This patch restores the default of httponly to true in the cookie session store and removes an extraneous .dup call on the options hash in initialize. Since #symbolize_keys is called on the options, which returns a new hash, the dup call isn't needed.
Comments and changes to this ticket
-
josh January 20th, 2009 @ 04:20 PM
- Milestone cleared.
- State changed from “new” to “open”
- Assigned user set to “josh”
-
Repository January 20th, 2009 @ 06:40 PM
- State changed from “open” to “resolved”
(from [c090e5e0755bea3a7cd7135329f8dae6094810b6]) Restore cookie store httponly default to true. Remove extraneous dup of options on initialization [#1784 state:resolved] Signed-off-by: Joshua Peek josh@joshpeek.com http://github.com/rails/rails/co...
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
Cody Fauser
josh
Attachments
Tags
Referenced by
-
1784
Restore cookie session store httponly default to true
(from [c090e5e0755bea3a7cd7135329f8dae6094810b6]) Restore...