开发者

How do I set the session cookie's HttpOnly setting to false?

开发者 https://www.devze.com 2022-12-28 02:32 出处：网络

In Ruby 开发者_C百科on Rails, how do I set the session cookie\'s httpOnly setting to false?In Rails 4, you need to edit config/initializers/session_store.rb

相关专题：cookies httponly ruby-on-rails session

In Ruby 开发者_C百科on Rails, how do I set the session cookie's httpOnly setting to false?

In Rails 4, you need to edit config/initializers/session_store.rb

Rails.application.config.session_store(
  :cookie_store,
  key: '_socializus_session',
  httponly: false,
)

This is how i did it with Rails 3:

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false

I figured this out. In /config/environment.rb include this code:

  config.action_controller.session = {
    :httponly => false
  }

Rails has it set by default to true. I don't recommend to change it because it will set you cookies accessable for changing from JS like: document.cookie

In Rails 3+ you can change your cookies configuration from config/initializers/session_store.rb:

# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: "_my_application_session", httponly: false