From b745fe1e83df24990f8489a819bef62f4add49a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Thu, 12 Jan 2012 20:46:54 +0100
Subject: config.force_ssl should mark the session as secure.

---
 railties/lib/rails/application.rb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'railties/lib/rails/application.rb')

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 19e8426e60..6d3349c61b 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -266,6 +266,9 @@ module Rails
         middleware.use ::ActionDispatch::Cookies
 
         if config.session_store
+          if config.force_ssl && !config.session_options.key?(:secure)
+            config.session_options[:secure] = true
+          end
           middleware.use config.session_store, config.session_options
           middleware.use ::ActionDispatch::Flash
         end
-- 
cgit v1.2.3