The page http://www.codinghorror.com/blog/archives/001167.html explains why making HttpOnly cookies is a good idea.
How do I set this property in Ruby on Rails?
- Just set :http_only to true as described in the changelog.
  From Michael Haren
- Set the 'http_only' option in the hash used to set a cookie, e.g. cookies["user_name"] = { :value => "david", :http_only => true }
  From Laurie Young
- I also wrote a patch that is included in Rails 2.2, which defaults the CookieStore session to be http_only. Unfortunately session cookies are still by default regular cookies.
  From Pelle
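
One way to confirm the flag actually reaches the browser, as an added example that is not part of the original answers: this Ruby script parses Set-Cookie header values and lists the cookies sent without HttpOnly. The helper names and the sample headers are constructed for illustration.

```ruby
# Added example: audit Set-Cookie header values for the HttpOnly attribute.
# Helper names are hypothetical; the sample headers are constructed data.

# Parse one Set-Cookie header value into the cookie name and the
# lower-cased names of its attributes (path, expires, httponly, ...).
def parse_set_cookie(header)
  parts = header.split(";").map(&:strip).reject(&:empty?)
  name, _value = parts.shift.to_s.split("=", 2)
  attrs = parts.map { |p| p.split("=", 2).first.strip.downcase }
  { name: name.to_s.strip, attrs: attrs }
end

# Return the names of cookies that page JavaScript can read, i.e. those
# whose Set-Cookie line carries no HttpOnly attribute. Attribute names are
# compared case-insensitively, and only real attributes count: the word
# "httponly" appearing inside a cookie value does not.
def cookies_missing_httponly(headers)
  headers.map { |h| parse_set_cookie(h) }
         .reject { |c| c[:name].empty? || c[:attrs].include?("httponly") }
         .map { |c| c[:name] }
end

# Constructed sample: one Set-Cookie value per element, as a response
# with several cookies would send them.
SAMPLE_HEADERS = [
  "_app_session=BAh7BiIKZmxhc2g; path=/; HttpOnly",
  "user_name=david; path=/",
  "remember_token=abc123; path=/; expires=Thu, 01 Jan 2026 00:00:00 GMT; httponly",
  "theme=dark; Path=/; Secure",
  "flag=httponly; path=/"
].freeze

if __FILE__ == $PROGRAM_NAME
  cookies_missing_httponly(SAMPLE_HEADERS).each do |name|
    puts "cookie #{name} is sent without HttpOnly"
  end
end
```

Feed it the Set-Cookie values captured from a real response (for example from `curl -i` output) to check every cookie the application sets, not only the session cookie.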