This project is archived and is in readonly mode.

#1784 ✓resolved
Cody Fauser

Restore cookie session store httponly default to true

Reported by Cody Fauser | January 20th, 2009 @ 12:40 PM

#1046 changed the cookie session store to default to httponly cookies. However, this default setting was lost when the cookie store was switched to a rack based session store. Both the Active Record session store and memcache session store currently default to httponly cookies.

This patch restores the default of httponly to true in the cookie session store and removes an extraneous .dup call on the options hash in initialize. Since #symbolize_keys is called on the options, which returns a new hash, the dup call isn't needed.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Attachments

Referenced by

Pages