session cookie httponly false rails 3.1

Question

I'm trying to turn httponly off for use in phonegap. I'm useing rails 3.1 and devise, each of which have reported (but not documented) ways of doing this, none of which work:

# application.rb
config.session_options = { :httponly => false } # no effect
config.session = { :httponly => false } # undefined method `session='


# devise.rb
config.cookie_options = { :httponly => false } # also no effect

to test I restarted the server, deleted the existing cookie, and reloaded the page. 'Http' column was still checked in the chrome debugger.

help!

Answer 1

This little snippet seems to work :

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false