Set cookie cookie as safe on rails

Question

Set cookie cookie as safe on rails

I have a Rails application that runs on https. My app session cookies are only http-only. How to set these cookies as secure and https-only in rails?

+4

ruby-on-rails-4

Srinivas yadav Mar 19 '15 at 11:37

source share

1 answer

jmera · Answer 1 · 2015-07-11T16:18:22+0000

Rails 3/4

If you want to mark the session cookie as safe, config/initializers/session_store.rbset the safe flag to:

Demo::Application.config.session_store :cookie_store,
  key: '_demo_session',
  secret: "your secret",
  secure: Rails.env.production?, # flags cookies as secure only in production
  httponly: true # should be true by default for all cookies

If you want to mark all cookies as safe, add them config.force_ssl = trueto the desired file config/environments/*.rb. This feature adds other features to your Rails application, summing up here .

Set cookie cookie as safe on rails

Rails 3/4

More articles: