diff options
| author | Pelle Braendgaard <pelleb@gmail.com> | 2008-09-16 09:22:11 -0700 |
|---|---|---|
| committer | Michael Koziarski <michael@koziarski.com> | 2008-09-17 13:20:16 +0200 |
| commit | 7ecb9689b03335ec28958c506b083390f4212d45 (patch) | |
| tree | e359e86f989b0c9a27f9bafba68c5ba6cd9f01bc /actionpack/lib/action_controller/session_management.rb | |
| parent | c47525a58397851895b25f7c1bba06b30b0f6b5d (diff) | |
| download | rails-7ecb9689b03335ec28958c506b083390f4212d45.tar.gz rails-7ecb9689b03335ec28958c506b083390f4212d45.tar.bz2 rails-7ecb9689b03335ec28958c506b083390f4212d45.zip | |
Added support for http_only cookies in cookie_store Added unit tests for secure and http_only cookies in cookie_store
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1046 state:committed]
Diffstat (limited to 'actionpack/lib/action_controller/session_management.rb')
| -rw-r--r-- | actionpack/lib/action_controller/session_management.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb index f5a1155a46..fd3d94ed97 100644 --- a/actionpack/lib/action_controller/session_management.rb +++ b/actionpack/lib/action_controller/session_management.rb @@ -60,6 +60,10 @@ module ActionController #:nodoc: # # the session will only work over HTTPS, but only for the foo action # session :only => :foo, :session_secure => true # + # # the session by default uses HttpOnly sessions for security reasons. + # # this can be switched off. + # session :only => :foo, :session_http_only => false + # # # the session will only be disabled for 'foo', and only if it is # # requested as a web service # session :off, :only => :foo, |