From 288e947ae1737645985fde76f5382baaff700505 Mon Sep 17 00:00:00 2001
From: Clemens Kofler
Date: Tue, 2 Sep 2008 15:33:49 +0200
Subject: Some performance goodness for inheritable attributes.
Signed-off-by: Jeremy Kemper
---
 actionpack/lib/action_controller/session_management.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'actionpack/lib/action_controller/session_management.rb')
diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb
index 80a3ddd2c5..f5a1155a46 100644
--- a/actionpack/lib/action_controller/session_management.rb
+++ b/actionpack/lib/action_controller/session_management.rb
@@ -86,14 +86,14 @@ module ActionController #:nodoc:
 raise ArgumentError, "only one of either :only or :except are allowed"
 end
- write_inheritable_array("session_options", [options])
+ write_inheritable_array(:session_options, [options])
 end
 # So we can declare session options in the Rails initializer.
 alias_method :session=, :session
 def cached_session_options #:nodoc:
- @session_options ||= read_inheritable_attribute("session_options") || []
+ @session_options ||= read_inheritable_attribute(:session_options) || []
 end
 def session_options_for(request, action) #:nodoc:
-- 
cgit v1.2.3
From 7ecb9689b03335ec28958c506b083390f4212d45 Mon Sep 17 00:00:00 2001
From: Pelle Braendgaard
Date: Tue, 16 Sep 2008 09:22:11 -0700
Subject: Added support for http_only cookies in cookie_store Added unit tests for secure and http_only cookies in cookie_store
Signed-off-by: Michael Koziarski [#1046 state:committed]
---
 actionpack/lib/action_controller/session_management.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'actionpack/lib/action_controller/session_management.rb')
diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb
index f5a1155a46..fd3d94ed97 100644
--- a/actionpack/lib/action_controller/session_management.rb
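Review bot: Any caller outside this hunk that still passes the string `"session_options"` to `read_inheritable_attribute` or `write_inheritable_array` will stop seeing these options once the two calls in the first patch (in `session` and `cached_session_options`) use `:session_options`. If the inheritable-attribute store is a plain Hash, which the hunk does not show, a String and a Symbol are different keys and the lookup returns nil without raising. Because these options carry settings such as `:session_secure`, a missed lookup would fall back to `[]` and drop them silently. It is worth searching the tree and any plugins for the string form, and adding a line above the write such as `# key must be the Symbol :session_options; cached_session_options reads the same key`. Both method bodies start or end outside the hunk.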
+++ b/actionpack/lib/action_controller/session_management.rb @@ -60,6 +60,10 @@ module ActionController #:nodoc: # # the session will only work over HTTPS, but only for the foo action # session :only => :foo, :session_secure => true # + # # the session by default uses HttpOnly sessions for security reasons. + # # this can be switched off. + # session :only => :foo, :session_http_only => false + # # # the session will only be disabled for 'foo', and only if it is # # requested as a web service # session :off, :only => :foo, -- cgit v1.2.3
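Review bot: The added comment shows how to turn HttpOnly off but not what is given up by doing so, and "uses HttpOnly sessions" is imprecise, since the flag is set on the session cookie rather than on the session. I would word the two comment lines as `# # the session cookie is marked HttpOnly by default, so client-side script cannot read it.` and `# # switch this off only if script on the page must read the cookie.` The example also combines the option with `:only => :foo`; whether a per-action override changes the flag on a cookie that another action has already issued is not visible here, so the example may suggest a narrower effect than it has. The comment block starts above and continues below the hunk.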