Feature #982
option to set secure flag on session and autologin cookie
Status: | New | Start date: | 2008-04-03 | |
---|---|---|---|---|
Priority: | Low | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Accounts / authentication | |||
Target version: | - | |||
Resolution: |
Description
Is it possible to have a GUI setting to control the secure flag on the session and autologin cookies? I was able to set them by making the changes below:
app/controllers/account_controller.rb cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now, :secure => true } config/environment.rb ActionController::Base.session_options[:session_secure] = true
thanks!
Related issues
History
#1
Updated by S Reid almost 12 years ago
Any plans to implement this ? I think it's needed to avoid HTTP Session hijacking ?
#2
Updated by Toshi MARUYAMA over 11 years ago
- Category set to Accounts / authentication