Feature #982
option to set secure flag on session and autologin cookie
| Status: | New | Start date: | 2008-04-03 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Accounts / authentication | |||
| Target version: | - | |||
| Resolution: |
Description
Is it possible to have a GUI setting to control the secure flag on the session and autologin cookies? I was able to set them by making the changes below:
app/controllers/account_controller.rb
cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now, :secure => true }
config/environment.rb
ActionController::Base.session_options[:session_secure] = true
thanks!
Related issues
History
#1 Updated by S Reid over 1 year ago
Any plans to implement this ? I think it's needed to avoid HTTP Session hijacking ?
#2 Updated by Toshi MARUYAMA about 1 year ago
- Category set to Accounts / authentication