发表新帖
发表新帖

How do I set the HttpOnly flag on a cookie in Ruby on Rails

前端 未结
关注
5 1800
小鲜肉
小鲜肉 2021-02-05 01:08

The page Protecting Your Cookies: HttpOnly explains why making HttpOnly cookies is a good idea.

How do I set this property in Ruby on Rails?

5条回答
  • 南旧
    南旧 (楼主)
    2021-02-05 01:38

    If you’ve a file called config/session_store.rb including this line (Rails 3+), then it’s automatically set already. config/initializers/session_store.rb:

    # Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: "_my_application_session"

    Also rails allows you to set following keys:

    :expires - The time at which this cookie expires, as a Time object.

    :secure - Whether this cookie is only transmitted to HTTPS servers. Default is false.

    0 讨论(0)
 看不清?
提交回复
热议问题