author | W. Andrew Loe III <andrew@andrewloe.com> | 2010-09-13 14:29:25 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2010-09-13 15:11:46 -0700 |
commit | 9cd094b8da492b711002dd4b1f2792f315e9bde0 (patch) | |
tree | ba8839bfda54d59d7861aeb3e63f4fae4fca9bbd /actionpack/lib | |
parent | 0522b26cdf15ba1b5c89fc64f9069e1a13cafcff (diff) | |
download | rails-9cd094b8da492b711002dd4b1f2792f315e9bde0.tar.gz rails-9cd094b8da492b711002dd4b1f2792f315e9bde0.tar.bz2 rails-9cd094b8da492b711002dd4b1f2792f315e9bde0.zip |
Only send secure cookies over SSL.
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index dd82294644..348a2d1eb2 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -152,6 +152,10 @@ module ActionDispatch options = env[ENV_SESSION_OPTIONS_KEY] if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after] + request = ActionDispatch::Request.new(env) + + return response if (options[:secure] && !request.ssl?) + session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded? sid = options[:id] || generate_sid @@ -165,7 +169,6 @@ module ActionDispatch cookie[:expires] = Time.now + options.delete(:expire_after) end - request = ActionDispatch::Request.new(env) set_cookie(request, cookie.merge!(options)) end |
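Review bot: The early `return response if (options[:secure] && !request.ssl?)` in the first hunk skips the session load, sid generation and `set_cookie` below it, so with `:secure` set a plain-HTTP request ends without a session cookie and nothing at the guard says this is intended. A comment above it such as `# Secure session: never issue the session cookie on a non-SSL response; the session is skipped for this request` would record that. The guard is only as reliable as `request.ssl?`, which is defined outside this diff; if it derives the scheme from proxy-forwarded headers, the deployment has to ensure those headers cannot reach the app unfiltered from a client. The parentheses around the condition are redundant in a modifier `if`. The enclosing method begins and ends outside the hunk.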