From b745fe1e83df24990f8489a819bef62f4add49a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 12 Jan 2012 20:46:54 +0100 Subject: config.force_ssl should mark the session as secure. --- railties/lib/rails/application.rb | 3 +++ .../test/application/middleware/session_test.rb | 30 ++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 railties/test/application/middleware/session_test.rb diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 19e8426e60..6d3349c61b 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -266,6 +266,9 @@ module Rails middleware.use ::ActionDispatch::Cookies if config.session_store + if config.force_ssl && !config.session_options.key?(:secure) + config.session_options[:secure] = true + end middleware.use config.session_store, config.session_options middleware.use ::ActionDispatch::Flash end diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb new file mode 100644 index 0000000000..f4e77ee244 --- /dev/null +++ b/railties/test/application/middleware/session_test.rb @@ -0,0 +1,30 @@ +# encoding: utf-8 +require 'isolation/abstract_unit' +require 'rack/test' + +module ApplicationTests + class MiddlewareSessionTest < ActiveSupport::TestCase + include ActiveSupport::Testing::Isolation + include Rack::Test::Methods + + def setup + build_app + boot_rails + FileUtils.rm_rf "#{app_path}/config/environments" + end + + def teardown + teardown_app + end + + def app + @app ||= Rails.application + end + + test "config.force_ssl sets cookie to secure only" do + add_to_config "config.force_ssl = true" + require "#{app_path}/config/environment" + assert app.config.session_options[:secure], "Expected session to be marked as secure" + end + end +end -- cgit v1.2.3