Laurie Young Laurie Young - 1 month ago 8
Ruby Question

How do I set the HttpOnly flag on a cookie in Ruby on Rails

The page Protecting Your Cookies: HttpOnly explains why making HttpOnly cookies is a good idea.

How do I set this property in Ruby on Rails?

Answer

Set the 'http_only' option in the hash used to set a cookie

e.g.

cookies["user_name"] = { :value => "david", :httponly => true }

or, in Rails 2:

e.g.

cookies["user_name"] = { :value => "david", :http_only => true }