From 8873ececdaf78160d5d1b2717457c2a9f500e22a Mon Sep 17 00:00:00 2001 From: Cody Fauser Date: Tue, 20 Jan 2009 07:30:19 -0500 Subject: [PATCH] Restore cookie store httponly default to true. Remove extraneous dup of options on initialization --- .../lib/action_controller/session/cookie_store.rb | 4 +--- .../test/controller/session/cookie_store_test.rb | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/actionpack/lib/action_controller/session/cookie_store.rb b/actionpack/lib/action_controller/session/cookie_store.rb index e061c4d..6ad6369 100644 --- a/actionpack/lib/action_controller/session/cookie_store.rb +++ b/actionpack/lib/action_controller/session/cookie_store.rb @@ -45,7 +45,7 @@ module ActionController :domain => nil, :path => "/", :expire_after => nil, - :httponly => false + :httponly => true }.freeze ENV_SESSION_KEY = "rack.session".freeze @@ -56,8 +56,6 @@ module ActionController class CookieOverflow < StandardError; end def initialize(app, options = {}) - options = options.dup - # Process legacy CGI options options = options.symbolize_keys if options.has_key?(:session_path) diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d349c18..b6a38f4 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -94,7 +94,7 @@ class CookieStoreTest < ActionController::IntegrationTest with_test_route_set do get '/set_session_value' assert_response :success - assert_equal ["_myapp_session=#{response.body}; path=/"], + assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], headers['Set-Cookie'] end end @@ -148,7 +148,7 @@ class CookieStoreTest < ActionController::IntegrationTest get '/set_session_value' assert_response :success session_payload = response.body - assert_equal ["_myapp_session=#{response.body}; path=/"], + assert_equal ["_myapp_session=#{response.body}; path=/; httponly"], headers['Set-Cookie'] get '/call_reset_session' -- 1.5.6.1