diff options
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/cookie_store.rb | 2 | ||||
| -rw-r--r-- | railties/test/application/middleware/session_test.rb | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index dec9c60ef2..380a24a367 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -64,7 +64,7 @@ module ActionDispatch # <tt>:httponly</tt>. class CookieStore < AbstractStore def initialize(app, options={}) - super(app, options.merge!(:cookie_only => true)) + super(app, options.merge!(cookie_only: true)) end def delete_session(req, session_id, options) diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb index 85e7761727..6ea7cad201 100644 --- a/railties/test/application/middleware/session_test.rb +++ b/railties/test/application/middleware/session_test.rb @@ -373,5 +373,11 @@ module ApplicationTests refute Rails.application.middleware.include?(ActionDispatch::Flash) end + + test "cookie_only is set to true even if user tries to overwrite it" do + add_to_config "config.session_store :cookie_store, key: '_myapp_session', cookie_only: false" + require "#{app_path}/config/environment" + assert app.config.session_options[:cookie_only], "Expected cookie_only to be set to true" + end end end |