How do I set the HttpOnly flag on a cookie in Ruby on Rails

小鲜肉 2021-02-05 01:08

The page Protecting Your Cookies: HttpOnly explains why making HttpOnly cookies is a good idea.

How do I set this property in Ruby on Rails?

5 answers
  •  半阙折子戏
    2021-02-05 01:27

    I also wrote a patch that is included in Rails 2.2, which defaults the CookieStore session to be http_only.

    Unfortunately session cookies are still by default regular cookies.
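
Added example (not part of the answer above and not Rails code): a plain-Ruby check that lists which cookies in a set of `Set-Cookie` response headers lack the HttpOnly attribute, useful for confirming that cookies other than the session cookie are also protected. The header lines, cookie names and the helpers `parse_set_cookie` and `missing_httponly` are constructed for illustration.

```ruby
# Constructed Set-Cookie header values (sample data, not from a real app).
SAMPLE_HEADERS = [
  "_app_session=BAh7B0kiD3Nlc3Npb25faWQ; path=/; HttpOnly",
  "remember_token=abc123; path=/; expires=Fri, 05 Feb 2027 01:08:00 GMT",
  "theme=dark; Path=/; Secure; httponly",
  "tracking=HttpOnly; path=/" # the value merely contains the word
].freeze

# In current Rails a single cookie gets the flag with:
#   cookies[:theme] = { value: "dark", httponly: true }
# The check below verifies what the application actually sends.

# Split one Set-Cookie value into cookie name, value and attribute map.
# Attribute names are case-insensitive, so keys are lower-cased.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip).reject(&:empty?)
  name, value = pair.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, map|
    key, val = attr.split("=", 2)
    map[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attributes: attributes }
end

# Return the names of cookies that are readable from JavaScript,
# i.e. whose attribute list has no HttpOnly entry.
def missing_httponly(headers)
  headers.map { |header| parse_set_cookie(header) }
         .reject { |cookie| cookie[:attributes].key?("httponly") }
         .map { |cookie| cookie[:name] }
end

if __FILE__ == $PROGRAM_NAME
  missing_httponly(SAMPLE_HEADERS).each do |name|
    puts "cookie without HttpOnly: #{name}"
  end
end
```
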
