Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

session cookie httponly false rails 3.1

I'm trying to turn httponly off for use in phonegap. I'm useing rails 3.1 and devise, each of which have reported (but not documented) ways of doing this, none of which work:

# application.rb
config.session_options = { :httponly => false } # no effect
config.session = { :httponly => false } # undefined method `session='


# devise.rb
config.cookie_options = { :httponly => false } # also no effect

to test I restarted the server, deleted the existing cookie, and reloaded the page. 'Http' column was still checked in the chrome debugger.

help!

like image 357
Peter Ehrlich Avatar asked Jan 19 '23 03:01

Peter Ehrlich


1 Answers

This little snippet seems to work :

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false
like image 182
sailor Avatar answered Jan 29 '23 21:01

sailor