Testing Response cookie with Rspec v.1

Question

When I login to my app the server sends me back cookies(credentials and some app's cookie):

Response sent 170 bytes of Cookie data:
 Set-Cookie: user_credentials=val; path=/; HttpOnly; Secure

Response sent 554 bytes of Cookie data:
 Set-Cookie: _app_session=otherVal; path=/; HttpOnly; Secure

...and then redirects to the home page;

Cookies include some flags: e.g. httpOnly, Secure, etc.

How can I test whether cookies do include those flags with Rspec?

At least where can I find those cookies?

it "should generate cookies with proper flags" do    
    params = Factory.attributes_for(:user,
      :username => "uname",
      :password => "upass"
    )
    # login
    post 'create', params

    response.should redirect_to home_url # => pass

    puts "response cookie = #{response.cookies.inspect}" # => {} // no cookies in response, why?
end

Answer 1

Controller specs do not generate/invoke real http requests, they just set up the controller under test and invoke the requested action on it. No http request is made and no real http answer is generated. So you can only test the inner workings of a Rails controller on a more abstract level.

The cookie handling in these specs is rather simple, setting cookies in an action like this:

def set_cookies
  cookies[:foo]   = 'bar'
  cookies[:lorem] = {:value => 'ipsum', :expires => 3.days.from_now}

  render :nothing => true
end

results in the following values accessible in the spec:

it "should set some cookie values" do
  get :set_cookies

  # response.cookies looks like this:
  # {'foo' => 'bar', 'lorem' => 'ipsum'}     

  response.cookies['foo'].should == 'bar'
  response.cookies['lorem'].should == 'ipsum'
end

To test the kind of cookie flags that you see in your responses, you would have to use something that does real http requests. Maybe you can use the capybara gem for it?