Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I set the HttpOnly flag on a cookie in Ruby on Rails

Tags:

ruby

ruby-on-rails

The page Protecting Your Cookies: HttpOnly explains why making HttpOnly cookies is a good idea.

How do I set this property in Ruby on Rails?

like image 849
Laurie Young Avatar asked Sep 16 '08 13:09

Laurie Young

People also ask

How do I set HttpOnly for cookies?

Set HttpOnly cookie in PHPini_set("session. cookie_httponly", True); This is the most common way to set cookies in PHP, empty variables will hold their default value.

What is HttpOnly flag in cookie?

What is HttpOnly? According to the Microsoft Developer Network, HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).

Can you modify HttpOnly cookie?

I've been told that putting httpOnly:true on the cookie prevents the browser from editing cookies, but I can still edit it on my local server. A HTTP only cookie prevents JavaScript from modifying cookies, not the browser.

1 Answers

Set the 'http_only' option in the hash used to set a cookie

e.g. 

cookies["user_name"] = { :value => "david", :httponly => true }

or, in Rails 2:

e.g. 

cookies["user_name"] = { :value => "david", :http_only => true }
like image 187
Laurie Young Avatar answered Sep 23 '22 23:09

Laurie Young
Sign in to Comment

Related questions

Is there a way to use pluralize() inside a model rather than a view?
rails4 unknown encoding name - CP720
twitter bootstrap drop down suddenly not working
Full url for an image-path in Rails 3
How do i specify and validate an enum in rails?
Rails cron with whenever, setting the environment
Rails upgrade to angular 2
BDD with Cucumber and rspec - when is this redundant?
Uploading a remote file url from Rails Console with Carrierwave
Is CSRF Protection necessary on a sign-up form?
How to remove controller names from rails routes?
What is a JSON octet and why are two required?
How can I test ActiveRecord::RecordNotFound in my rails app?
How can I stub find_each for rspec testing in rails 3
Rails: Testing named scopes with RSpec
Need two indexes on a HABTM join table?
jbuilder vs rails-api/active_model_serializers for JSON handling in Rails 4
Rails : RuntimeError - can't modify frozen Array when running rspec in rails
In Ruby on Rails, After send_file method delete the file from server
render :json => 'string here' expected result

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!